‘On its way’: DHL customers warned about shipping email
Recipients of an email with the subject, ‘Your shipment is on its way’ purporting to be from ‘DHL Customer Care’, are strongly advised to not click on links asking them to retrieve a parcel.
The email is likely to be a phishing attempt by cybercriminals aiming to steal credentials and potentially install malware on your network, MailGuard has warned.
Also read: Scammers use Tinder, ATO to fleece Aussies of $851 million
Also read: ‘They’re everywhere’: EVERY tax scam to look out for this year
“The email has been sent from a compromised account, belonging to an employee of a hotel business, with the sender’s name displayed as ‘DHL Customer Care’ – the first giveaway of its inauthenticity,” MailGuard said.
The email uses the signature DHL brand colour as the background to the body of the email and advises the victim that their parcel had attempted to be delivered by a courier.
Users are then asked to confirm if they were expecting a package, by clicking on an enclosed attachment.
Here’s what the email looks like.
The email is riddled with grammatical errors, along with a lack of DHL branding, a clear red flag that the email is not legitimate.
After clicking on the attachment, victims are requested to enter their email address and corresponding password on a phishing page in order to view the documents.
On this page, the scammers use a background image displaying DHL courier vans, as well as copying the branding and logo of the company. The domain address does not belong to DHL, MailGuard said.
“Well-known companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases,” MailGuard said.
“Users are encouraged to remain vigilant as cybercriminals target those awaiting parcel deliveries. If you are not expecting a package, please do not open any unfamiliar links.”
Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.