Unpacking DHL email scams
Stephanie, a freelance designer, was surprised when she received a text message from DHL stating that her package was stalled. The reason? Unpaid customs fees. She was pretty puzzled as she had already paid for the package, and due to a huge project with a tight deadline she really needed it ASAP. Wanting to resolve the issue fast she didn't think twice, and clicked on a cleverly disguised phishing link within the message. The link navigated her to a fake site mirroring DHL's official page, where she was duped into providing her payment information. That led to a wild ride, where in a matter of hours, her account was compromised, leading to unauthorized purchases and charges.
If she used browser and mobile security tools like Guardio, this scam would have been detected and the shady website blocked.
While Stephanie’s story is shocking, sadly, it’s not unique. In the last decade, online shopping has seen a remarkable increase in popularity, but what truly accelerated its widespread buy-in (pun intended) was the impact of COVID-19. Having to quarantine at home gave people zero choice — If you were going shopping, it was online! And why not? It's simple and easy, the options are endless, and you can do it wearing pajamas while sitting on the couch. Now that the pandemic is behind us (fingers crossed), the seamless experience of online shopping remains an essential aspect of our lives. Get this, E-commerce purchases are expected to reach a whopping 20.8% in 2023. Unfortunately, the ease and comfort of online shopping does have a price. Aside from scammers using shopping sites to get your personal and financial information, delivery companies are also being used as a means of duping people.
49% of fraudulent activities involve delivery scams, where scammers send texts or emails impersonating delivery companies.
In this article, we'll unravel the intricate web of DHL email and SMS scams that target unsuspecting online shoppers. Additionally, we'll give you some concrete ways to protect yourself from digital threats. By using online security tools, like Guardio, we'll show you the way to shop with peace of mind and browse securely.
Let's jump in!
Expecting a delivery?
The upsurge in online shopping hasn’t gone unnoticed by cybercriminals, who want in on the action. Online shopping gives them the perfect entry point into unsuspecting customers' personal data. One strategy they use involves creating multiple phishing emails, which mimic the branding, logo, font, and layout of renowned delivery companies like DHL.
Scammers send out phishing communications via email or text. Then the unsuspecting customer opens them and gets duped by either:
- Clicking on links in the body of the message like “Check Delivery Status” or “Follow my Package”.
- Downloads an attachment named “Online Receipt.html” for the purchase they made (or didn’t).
Then all hell breaks loose — They’re either navigated to a malicious web page, or they download malware directly to their desktop computer. Both scenarios lead to the same outcome — a cybercriminal stealing your personal information for monetary gain.
That's where a helpful tool like Guardio comes in. Guardio alerts you whenever a phishing email reaches your inbox. Additionally, Guardio's mobile app warns you about malicious smishing texts. Using Guardio keeps you ahead of scammers and allows you to avoid dangerous links and attachments designed to damage your computer or security.
Get the best delivery scam protection
When it comes to courier companies, DHL takes the cake as one of the biggest players in the world. They do a fantastic job delivering packages, letting you know their status, and tracking their location. However, shipping can often take time, and if you’re a shopaholic like I am, you usually don't even remember when and what you ordered. So getting a delivery status update in your inbox or via text, makes total sense.
While the wording of the message can be different, it usually reads something like : DHL EXPRESS (reference number) from MCT/SUITOPIA is scheduled for delivery TODAY. Track at (fake link). Here are a few examples of how a fake email or text would look like:
Example of a fake DHL SMS
So how do you identify a DHL phishing email or text? First off, whenever you receive a message claiming to be from DHL, be extra cautious. If you’re not sure what to do, don’t worry we’ve got your back with not just one or two, but six foolproof ways to verify the authenticity of the message you received.
1. No tracking number: Any legitimate parcel tracking email or SMS will contain your tracking number in it. If it doesn't exist in the subject line of the email, or in the text, most likely, it's a fraudulent message and not related to anything you ordered. Stay on guard (io), especially when encountering messages with links that urge you "Click here for tracking number" – it’s total bait, so don’t be fooled and DON'T click them!
2. Attachments: Any message that contains an attachment should immediately be marked as suspicious. Even if it's from someone you know, as their account could have been hacked. DHL and DHL Express normally don’t send any attachments as they can contain malware. If you’re expecting a package delivered by DHL, the tracking number will be in the email or SMS itself not in an attachment.
3. Shipment or custom fees: Another form of scammy DHL messages are emails and texts that prompt you to pay an extra fee in order to have your package released. Quite often, the fee is less than $10 and can be as low as $2.67 which sounds pretty logical. But it's not the fee they're after... It's your credit card details.
Avoid pressing any links and check the domain of the sender and what website you’re being referred to. When in doubt go directly to the DHL website, where you’ll be able to verify if you indeed owe any shipment fees.
Worried about delivery scams?
4. Delivery update: These messages are the easiest to fall for as they seem like an innocent, notification about your delivery status. But here's the kicker, the link takes you to a phishing websites where you'll need to "log in" to access the information. Once you log in, you're essentially handing your personal details straight into the hands of a scammer. Again, when in doubt, just go directly to the DHL website.
5. Asked to pay for purchased goods: DHL will never ask you to pay for anything you bought online. They're a delivery company. If you got a message asking you to pay for something you ordered, report it immediately. To report any suspicious emails or texts you can send your concerns to firstname.lastname@example.org
6. Problem delivering your package: If you've been on a shopping spree across different websites, it's easy to lose track of all your orders. Scammers are well aware of this frenzy and try to take advantage of the chaos by crafting sneaky messages that claim that there's an issue with your delivery.
Remember, don't take the bait, click on any links or download attachments. For real DHL updates, skip the risks and head directly to your local DHL website (like dhl.fr), dependent on where you are.
Whenever there's any doubt, there is no doubt. In other words, recognizing and reporting DHL scams, means that if you think that anything is out of place or seems weird contact the delivery services support channels directly. Additionally, follow these 3 rules of thumb to help you avoid DHL delivery phishing attempts:
1. Verify before taking action: If you receive an unexpected email or text claiming to be from DHL, especially one requesting payment or personal information, take the time to verify its authenticity. Contact DHL directly using contact information from their official website, not the details provided in the suspicious message. Confirm whether they sent the communication before clicking on any links, downloading attachments, or replying with personal information.
2. Install security software: Having reliable security software like Guardio on your devices can eliminate the risks of falling prey to phishing scams. Guardio scans your emails and alerts you to potential phishing attempts, blocks malicious websites, and prevents the download of dangerous files. Guardio's mobile app also scans your SMS messages and alerts you of smishing attempts, giving you 24-7 protection against online threats and deceptive messages that seem like they're coming from DHL.
3. Stay informed: Scammers constantly evolve their methods, so staying updated on the latest scam trends can help you spot a fake. Often, companies like DHL will inform their customers about ongoing scams. You can also check out our blog page for lastest in scams and security software.
Nowadays, with online shopping and endless deliveries, DHL email scams are more prevalent than ever. The good news is that while scammers are crafty, you can be savvier. By installing online tools like Guardio, you're not just protecting your personal information; you're reclaiming your peace of mind. The convenience of online shopping doesn’t have to be tainted by the fear of cyber theft. Take action now and don’t let your excitement over a package turn into a costly lesson. Install Guardio’s browser extension and start your 7-day free trial today. Stay safe, shop smart, and let Guardio be your digital shield against cybercriminals lurking behind those DHL delivery scams.