Fake DHL ‘Shipping Notification’ Emails Scam [Explained]

Photo of author

Written by: Stelian Pilici

Published on:

Scams have become increasingly prevalent in the digital age, with cybercriminals constantly devising new methods to deceive unsuspecting individuals. One such scam that has gained traction in recent years is the fake DHL ‘Shipping Notification’ emails scam. This article aims to shed light on this scam, providing valuable insights into what it is, how it works, what to do if you have fallen victim, and technical details surrounding it.

Scams

What is the Fake DHL ‘Shipping Notification’ Emails Scam?

The fake DHL ‘Shipping Notification’ emails scam involves cybercriminals sending fraudulent emails to individuals, posing as DHL, a well-known international courier and logistics company. These emails typically inform recipients that a package is on its way to them and provide a tracking number for reference. The scammers aim to trick recipients into clicking on a link or opening an attachment within the email, which can lead to various negative consequences.

How Does the Scam Work?

The scam begins with the cybercriminals sending out mass emails that appear to be legitimate DHL shipping notifications. These emails often mimic the design and branding of genuine DHL communications, making it difficult for recipients to distinguish them from the real ones. The scammers may also use social engineering techniques to make the emails seem more convincing.

Once a recipient opens the email, they are typically prompted to click on a link or download an attachment for more information about their supposed package. However, these links and attachments are malicious and can lead to a variety of negative outcomes:

  • Phishing: Clicking on the link may redirect the recipient to a fake website that closely resembles the official DHL website. The purpose of this fake website is to trick the recipient into entering their personal information, such as login credentials or credit card details, which the scammers can then exploit for financial gain.
  • Malware Infection: Downloading the attachment or clicking on the link can also result in the recipient unknowingly downloading malware onto their device. This malware can range from ransomware that encrypts files and demands a ransom for their release, to keyloggers that capture sensitive information entered on the device.
  • Financial Loss: In some cases, the scammers may attempt to deceive recipients into paying a fee or customs duty for the supposed package. They may provide payment instructions within the email, leading the victim to transfer money to the scammers’ accounts.

What to Do If You Have Fallen Victim?

If you have fallen victim to the fake DHL ‘Shipping Notification’ emails scam, it is crucial to take immediate action to minimize the potential damage:

  1. Disconnect from the Internet: If you suspect that malware has been downloaded onto your device, disconnect from the internet to prevent further communication between the malware and the cybercriminals’ servers.
  2. Scan for Malware: Run a thorough scan of your device using reputable antivirus software. We recommend using Malwarebytes Free, a trusted and effective tool for detecting and removing malware.
  3. Change Passwords: If you have entered any personal information, such as login credentials, on a fake website, immediately change the passwords for the affected accounts. It is also advisable to enable two-factor authentication for added security.
  4. Monitor Financial Accounts: Keep a close eye on your financial accounts for any suspicious activity. If you notice any unauthorized transactions, contact your bank or credit card company immediately to report the fraud.
  5. Report the Scam: Report the scam to your local law enforcement agency and the appropriate authorities in your country. This can help in the investigation and potentially prevent others from falling victim to the same scam.

Technical Details of the Scam

The fake DHL ‘Shipping Notification’ emails scam often utilizes various techniques to deceive recipients and evade detection:

  • Email Spoofing: The scammers may spoof the sender’s email address to make it appear as if the email is genuinely from DHL. This can be achieved by manipulating the email headers or using similar-looking domain names.
  • Malicious Attachments: The attachments within the emails are typically disguised as PDF files or shipping labels. However, they are often executable files or documents embedded with macros that download and execute malware when opened.
  • URL Obfuscation: The links provided in the emails may be obfuscated to make them appear legitimate. This can involve using URL shorteners or redirecting through multiple domains to hide the true destination.

Statistics on the Fake DHL ‘Shipping Notification’ Emails Scam

The fake DHL ‘Shipping Notification’ emails scam has affected a significant number of individuals worldwide. Here are some statistics that highlight the scale of this scam:

  • In 2020, DHL reported that over 200,000 fraudulent emails were detected and blocked daily.
  • According to the Federal Trade Commission (FTC), consumers reported losing over $1.2 billion to scams in 2020, with online shopping scams being one of the most common types.
  • A study conducted by cybersecurity firm Check Point revealed that DHL was the most impersonated shipping company in phishing attacks, accounting for 30% of all shipping-related phishing emails.

Summary

The fake DHL ‘Shipping Notification’ emails scam is a prevalent and sophisticated method used by cybercriminals to deceive individuals. By posing as DHL, scammers aim to trick recipients into clicking on malicious links or downloading infected attachments, leading to various negative consequences such as phishing, malware infection, and financial loss. If you have fallen victim to this scam, it is crucial to take immediate action by disconnecting from the internet, scanning for malware, changing passwords, monitoring financial accounts, and reporting the scam to the appropriate authorities. Stay vigilant and be cautious when receiving unexpected emails, especially those related to package deliveries. By staying informed and taking necessary precautions, you can protect yourself from falling victim to this and other similar scams.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Leave a Comment

Previous

Amazon ‘Your Order Has Been Placed’ Phishing Scam [Explained]

Next

Facebook ‘ID Verification’ Phishing Scam [Explained]