Watch Out: DHL-themed phishing email scam claims you have an ‘undelivered parcel’

Posted by on 28 May 2021 14:51:07 AEST

As we head closer to the End of Financial Year (EOFY), cybercriminals continue using parcel delivery related lures to trick users.

MailGuard has intercepted a fraudulent email leading to multiple fake DHL-branded phishing pages. Titled ‘PACK EXPRESS’, the email claims to be from a company in Norway. It informs recipients that they have an ‘undelivered parcel’, citing issues with their delivery address. Users are directed to click on a provided link in order to submit their ‘correct address’. The email actually originates from an eCommerce website.

Here’s what the email looks like:

DHL_2805_Social email


Unsuspecting users who click on the link are led to a page employing DHL’s logo and branding. They are informed that to complete the delivery as soon as possible, they need to confirm payment "within the next 14 days" by clicking "Next". The page also contains a tracking number. Here is what the page looks like:


After users click on the arrow to proceed, they are led to similar pages asking users to insert various details, including their names, addresses, credit card information, and finally, a verification code, as per the below screenshots:







As you can see, these pages also employ branding elements belonging to DHL. However, the domains used in the URLs of these pages, however, do not belong to the shipping company. These are actually phishing pages hosted a compromised website and are designed to harvest the above-mentioned credentials of users.

We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

Well-known companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases. Most recently, MailGuard reported a similar DHL-themed email scam at the beginning of May.

The timing of this scam is particularly opportunistic. With the End of Financial Year (EOFY) approaching, many users will be shopping online to take advantage of lucrative deals & sales. This is one of the busiest parts of the year for shopping & parcel delivery. Scammers know that receiving notifications related to parcel delivery isn't likely to be unusual in this period, and hence use lures like these to trick users. We’re all eager to get our shopping on time, so we might not think twice before clicking a link in parcel-delivery notifications.

In this particular case, cybercriminals are preying on the curiosity of DHL customers who may think a ‘package’ is actually on its way. This motivates them to enter their personal details without hesitating. Here are some techniques that cybercriminals behind this scam have employed to trick users:

  • The inclusion of specific details, like a tracking code, suggests the email is sent from an official source belonging to DHL, boosting its credibility,
  • The inclusion of a message in the phishing page that the link to confirm payment will expire in 14 days. This intrigues and motivates users to take immediate action if they wish to receive their package. Cybercriminals behind this scam hope in their excitement to retrieve their package, recipients don’t pause to check for the legitimacy of the email, and
  • The presence of security features like a verification code, to confirm payment. These features are commonly present in notifications from well-established companies like DHL, further convincing users that those pages actually belong to DHL.

Despite these techniques, several red flags are present in the email that should alert users of its illegitimacy. These include the fact that the recipient isn't addressed directly in the email, and that it contains spacing & grammatical errors, including within the email’s subject line.

We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever (especially since the COVID-19 pandemic), it’s sometimes hard to keep track of what parcels we’re expecting. Cybercriminals know this, and often prey on people’s busy lives and curiosity trick them.

DHL advises users to report any suspicious emails or activity to its dedicated Anti-Abuse Mailbox at More details can be found here.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 


One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates



Topics: Phishing DHL Parcel notification scam email scams fraud parceldeliveryscam fastbreak parcel

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all