DHL scam circulates as cybercriminals ‘prey’ on Christmas shoppers

(Source: Getty, Mailguard)

Australians have again been warned to beware of a new DHL scam circulating in inboxes that threatens to trick users into handing over their credit card details.

Email security software Mailguard issued a warning on Thursday about a phishing scam that appears to have been sent from ‘DHL service’.

The warning comes as retailers and delivery service providers gear up for the bumper holiday shopping season and Aussies head online to make their purchases.

“We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever (especially since the COVID-19 pandemic), it’s sometimes hard to keep track of what parcels we’re sending and expecting,” Mailguard said in a blog post.

“Cybercriminals know this, and often prey on people’s busy lives and curiosity [to] trick them.”

What does the scam look like?

The email comes with the subject line ‘Warning!’ and advises victims that their package is awaiting delivery.

“To complete the delivery of your package, please confirm payment (1.99 EUR). The online confirmation must be made within the next 14 days before expiry,” the email reads.

Recipients are directed to a link that says ‘Deliver my package>>’. However, the link does not go to DHL’s real website, and the sender isn’t DHL.

“It actually originates from an external hosting platform. This platform may have been compromised, or set up by the attackers for fraudulent purposes,” Mailguard stated.

(Source: Mailguard)

Users who click the link are taken to a website titled ‘DHL TRACKING’ that uses DHL’s logo and colour schemes.

Your name and credit card details are requested by the fake website.

(Source: Mailguard)

“The domain used in the URL of this page, however, does not belong to the shipping company. It's actually a phishing page hosted on a compromised website and is designed to harvest the above-mentioned credentials of users,” said Mailguard.

“In addition, all the hyperlinks included in this page don’t lead to legitimate pages. Instead, users who click on any of these links are led back to the phishing page itself.”
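The two indicators Mailguard describes (a DHL-branded page on a domain that is not DHL's, and links that all lead back to the page itself) can be checked automatically. The sketch below is an added example, not Mailguard's or DHL's code; the allowlist, the function names and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

# Assumption: registered domains the impersonated brand really owns.
BRAND_DOMAINS = {"dhl.com"}

class LinkCollector(HTMLParser):
    """Collects the <title> text and every <a href> value on a page."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.title, self._in_title = [], "", False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href") is not None:
            self.hrefs.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def on_brand_domain(host):
    """True only for the brand's domain or a subdomain, not a lookalike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def assess_page(page_url, html, brand="dhl"):
    """Return which of the two indicators described above the page shows."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    if brand in collector.title.lower() and not on_brand_domain(urlsplit(page_url).hostname):
        findings.append("brand_title_on_foreign_domain")
    # Resolve relative links and drop #fragments before comparing to the page.
    targets = {urldefrag(urljoin(page_url, h)).url for h in collector.hrefs}
    if targets == {urldefrag(page_url).url}:
        findings.append("all_links_point_to_self")
    return findings

# Constructed sample page, not taken from the real campaign.
SAMPLE_URL = "https://compromised-site.example/track/index.php"
SAMPLE_HTML = """<html><head><title>DHL TRACKING</title></head><body>
<a href="#">Track</a> <a href="index.php">Help</a>
<a href="/track/index.php">Contact us</a></body></html>"""
```

Calling `assess_page(SAMPLE_URL, SAMPLE_HTML)` reports both indicators, while a DHL-titled page served from a `dhl.com` host with ordinary navigation links reports none.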

If you punch in your details, you're taken to a second page that asks you to enter a verification code sent to you by text message.

(Source: Mailguard)

“We strongly advise all recipients to delete these emails immediately without clicking on any links.”

Mailguard also urged users to share the scam around to inform others. “Please share this alert with your social media network to help us spread the word around this email scam.”

The email security platform recently raised the alarm on a very similar DHL scam that also aims to steal credit card details by asking recipients to “complete the payment of 1.99 EUR”.

Online criminals will be seeking to take advantage of the busy shopping period, Mailguard warned.

“Scammers know that receiving notifications related to parcel delivery isn't likely to be unusual in this period, and hence use lures like these to trick users.

“We’re all eager to send and receive our shopping on time, so we might not think twice before clicking a link in parcel-delivery notifications.”

If you received this scam, you can report it to DHL at phishing-dpdhl@dhl.com.