Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week – DHL Phishing Scam Disguised as Parcel Notification

DHL Phishing Scam

Cybercriminals are ramping up for the holiday season with the launch of a new DHL phishing scam, disguised as a parcel arrival notification from international shipping company, DHL.

Victims have reported receiving an email that appears to be a legitimate DHL shipping notification with a tracking number, various links, and an attachment containing details about an ‘Arrival Notification’.

While the sender appears to be ‘DHL Shipment AWB’, the email has been sent from a compromised address.

As soon as the user clicks on the link, they are directed to a fake login page that has been specifically set up to harvest user data such as usernames, passwords and other personally identifiable information.

In other variants of the scam, the link to the attachment is loaded with malware so as soon as the user downloads it onto their computer, they are infecting their device with a malicious software that can be used to spy on their online activities or steal personal information.

Fake DHL shipment

DHL provided advice to customers on what they should do if they suspect they’ve received a phishing email: “The DHL name has been used in a series of fraudulent email scams, commonly referred to as Phishing. These emails are not authorised by DHL – their authors are only using the DHL name in their message to grab the user’s attention and lend apparent legitimacy to the emails.

“Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the package does not exist, and the attachment may be a computer virus. Please do not open the attachment or click any links. This email and attachment do not originate from DHL.”

DHL is just one of a number of big brands that tend to get hit hard with phishing scams at this time of the year. Inboxes are flooded with delivery notifications from online-retailers and fraudsters are quick to take advantage of this flurry of online activity to launch mass phishing scams.

How to Avoid DHL Phishing Scams

To reduce your chance of falling for a seasonal DHL phishing scam, you should follow the below guidelines:

  • Never click on links or download attachments from unknown sources.
  • Always verify the security of a website – Legitimate sites will always be secured using a ‘HTTPS’ certification.
  • Pay close attention to the spelling of an email address, if there are any inconsistencies, delete immediately.
  • Ignore and delete emails with poor grammar and spelling.
  • Reputable companies will never ask you to supply personal information in an email.
  • Use strong passwords to reduce the chance of devices being hacked.
  • Install the latest anti-virus software on your device and ensure it is regularly updated.

Email phishing is on the increase and is becoming a major problem for organisations as it becomes more sophisticated and targeted.

The Ultimate Guide to Phishing

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations