Skip to content

DHL customers warned: ‘Shipment is awaiting processing’

Aussies have been warned to look out for an email scam pretending to be from popular delivery service DHL.

The email has the subject line “Parcel Shipping Details” and claims to be from DHL, using the company’s logo and images.

But the email is actually a phishing attempt by cybercriminals who are trying to steal your personal information, including your credit card details.

“Parcel-delivery scams are one of the most common types of phishing attacks and, amongst them, DHL is arguably the most popular,” email security company MailGuard said.

In the email, the victim is told they have a shipment “awaiting processing” and that their package could not be delivered because of an “unpaid duty” of $1.99.

Clicking the “verify information” button redirects the victim to a different webpage, where they are asked to confirm that they are a human and not a robot.

The fake DHL login page then asks them to provide their personal details and credit card information.


DHL email scam message asking for credit card details.
The phishing email directs users to a fake DHL page. (Source: MailGuard)

“Once these details are entered and submitted, the attacker harvests them for later use,” MailGuard said.

Next, a physical address is requested for the purported shipment, along with the victim’s date of birth and email address. The victim is then asked to enter an SMS code to verify the transaction.

“In a common tactic employed by scammers, the code is rejected as invalid. In reality, a fraudulent transaction is likely being completed with the stolen credentials that the victim has unwittingly shared,” MailGuard said.

MailGuard is warning Aussies to delete the email immediately without clicking on any links.

Don’t click links or open attachments within emails that are not addressed to you by name or are from businesses you are not expecting to hear from, it said.

If the email purports to be from a legitimate company, look out for poor English or lack of personal details.

Additionally, the email may send you to a website that is not the legitimate URL of the company it is pretending to be sent from.

Article from: