Yahoo Finance Warning to millions of Aussies as DHL caught in email scam
Australians have been warned against a phishing scam that uses the DHL brand to manipulate victims into handing over their personal details.
Email security software MailGuard has issued an alert about the email scam that informs users that a package has arrived for them at their local post office, but “you haven’t received it yet”.
“You have 24 hours to collect the package otherwise it will be returned to sender,” the scam email reads.
Also read:
Users are then asked to pay “1.99 $” [sic] to “confirm the package”.
Users who click the link will be taken to a webpage that uses DHL’s logo and branding, which also includes a reCAPTCHA feature to ask users to confirm they are human.
“This feature is likely employed by cybercriminals to thwart automated checks by email security filters,” Mailguard’s blogpost states.
Those who click the box will be taken to another page, where they are then asked for their credit card number, expiration date and security code.
“This is actually a phishing page hosted on Namecheap, a domain name registration and web hosting company. Once users fill in all required fields in the page above, the attacker harvests them for later use,” said MailGuard.
Users are then told that their request is being processed with their bank.
Anyone who receives an email like this should delete it immediately, the security software platform said.
“We strongly advise all recipients to delete these emails immediately without clicking on any links.
“Please share this alert with your social media network to help us spread the word around this email scam.”
Shipping companies like DHL, along with Australia Post and FedEx, are typical targets because they are trusted and well-known brands.
The increase of online shopping has also increased the likelihood that individuals might receive such notifications.
“In this case, cybercriminals are preying on the curiosity of DHL customers who may actually think a package has not been delivered to them despite being available at their local post office,” said MailGuard.
But here are some signs that the email is a fake:
The email doesn’t address you by name;
The email uses poor English or grammar, and doesn’t have information that a trusted company should;
The email is from a business you’re not familiar with or expecting to hear from; or
Takes you to a landing page that isn’t the legitimate URL.
If you received this scam, you can report it to DHL at phishing-dpdhl@dhl.com.
Australians who have received phishing emails should let the relevant organisation know and report it to ScamWatch.
Find out more about The Broke Millennials Club’s 6-Week Bootcamp here. And join the conversation on Facebook.
Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter to make 2021 your best (financial) year yet.
