Australia markets closed

    +8.90 (+0.11%)

    -0.0018 (-0.27%)
  • ASX 200

    +9.20 (+0.12%)
  • OIL

    -0.45 (-0.59%)
  • GOLD

    -6.20 (-0.30%)
  • Bitcoin AUD

    -666.07 (-0.85%)
  • CMC Crypto 200

    0.00 (0.00%)

Aussies warned over DHL $6.99 'express package' charge

A DHL worker getting into a DHL van and a copy of the scam DHL email.
Aussies are being warned to stay vigilant about a new DHL scam making the rounds. (Source: Getty/MailGuard)

Delivery giant DHL has been impersonated by another scam attempting to steal the personal details of Aussies.

MailGuard intercepted a new email purporting to be from DHL and has warned Aussies to be on the lookout for any emails with the subject line “Subject of the delivery of your package” and a sender name which shows “Express”.

Using DHL’s branding, the email warns the recipient’s parcel could not be delivered because no duty was paid, and shows the owing amount as $6.99.

The email then directs the potential victim to click on a button to confirm sending the shipment. However, that link takes the person to a fake DHL page designed to harvest their personal information.

MailGuard said the website initially appears to open on an Indian hypnotherapy business page, and then redirects to a domain connected to a Moroccan IP address.

Once again, the customer is told they owe $6.99 and are instructed to pay by entering their:

  • Credit card number

  • CVV

  • Expiry date (Month/Year)

A copy of the DHL scam email.
This is what the DHL scam email looks like. (Source: MailGuard)

“To make the page more believable, the scammers have included instructions underneath the payment screen, which recommends the user takes note of their order number, explains the payment process, and even refers to ‘consumption rights’,” MailGuard said.

After entering credit card information to make a payment, the victim is asked to enter details to confirm the information for the delivery, including:

  • First name

  • Last name

  • Address

  • Phone number

  • Zip code

  • Date of birthday

To confirm the payment, the victim is asked to enter a unique password that has been sent to their mobile.

“One-time password screens are commonly used when processing legitimate payments so, many individuals would not think twice when faced with this screen. However, they’re also often used in phishing scams so that the cybercriminal is able to verify a credit card,” MailGuard said.

“MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.”

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.