Australians have been warned against a phishing scam that uses the DHL brand to manipulate victims into handing over their personal details.
Email security software provider MailGuard has issued an alert about the email scam, which informs users that a package has arrived for them at their local post office, but “you haven’t received it yet”.
“You have 24 hours to collect the package otherwise it will be returned to sender,” the scam email reads.
Users are then asked to pay “1.99 $” [sic] to “confirm the package”.
Users who click the link will be taken to a webpage that uses DHL’s logo and branding, which also includes a reCAPTCHA feature to ask users to confirm they are human.
“This feature is likely employed by cybercriminals to thwart automated checks by email security filters,” MailGuard’s blog post states.
Those who click the box will be taken to another page, where they are then asked for their credit card number, expiration date and security code.
“This is actually a phishing page hosted on Namecheap, a domain name registration and web hosting company. Once users fill in all required fields in the page above, the attacker harvests them for later use,” said MailGuard.
Users are then told that their request is being processed with their bank.
Anyone who receives an email like this should delete it immediately, the security software platform said.
“We strongly advise all recipients to delete these emails immediately without clicking on any links.
“Please share this alert with your social media network to help us spread the word around this email scam.”
Shipping companies like DHL, along with Australia Post and FedEx, are typical targets because they are trusted and well-known brands.
The increase in online shopping has also increased the likelihood that individuals might receive such notifications.
“In this case, cybercriminals are preying on the curiosity of DHL customers who may actually think a package has not been delivered to them despite being available at their local post office,” said MailGuard.
But here are some signs that the email is a fake:
The email doesn’t address you by name;
The email uses poor English or grammar, and doesn’t have information that a trusted company should;
The email is from a business you’re not familiar with or expecting to hear from; or
The email takes you to a landing page that isn’t at the legitimate URL.
If you received this scam, you can report it to DHL at firstname.lastname@example.org.
Australians who have received phishing emails should let the relevant organisation know and report it to ScamWatch.
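For mail administrators, some of the warning signs above can be checked automatically before a message reaches an inbox. The Python sketch below is an added example, not MailGuard's or DHL's code: it flags a missing name greeting, the deadline and small-payment wording quoted from the scam, and links that leave the brand's domain. The sample message, the recipient name and the trusted-domain list (`dhl.com`) are assumptions.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample modelled on the wording quoted in the alert. The sender
# and link host are placeholders, not indicators from the real campaign.
SAMPLE = """\
From: DHL Express <notice@parcel-confirm.example>
To: alex@example.com
Subject: Your package is waiting

Dear customer,
A package has arrived at your local post office but you haven't received it yet.
You have 24 hours to collect the package otherwise it will be returned to sender.
Pay 1.99 $ to confirm the package: http://parcel-confirm.example/dhl/confirm
"""

def off_brand_hosts(body, trusted):
    """Hosts of links in the body that are neither a trusted domain nor a subdomain of one."""
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    hosts = {(urlparse(u).hostname or "").rstrip(".") for u in urls}
    # Suffix match on a dot boundary, so dhl.com.evil.example is NOT trusted.
    return sorted(h for h in hosts
                  if not any(h == d or h.endswith("." + d) for d in trusted))

def warning_signs(raw, recipient_name, trusted=("dhl.com",)):
    """Return the warning signs found in one raw message (trusted list is an assumption)."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    signs = []
    if recipient_name.lower() not in body.lower():
        signs.append("no-name-greeting")      # "doesn't address you by name"
    if re.search(r"\b\d+\s*hours?\b", body, re.I):
        signs.append("deadline")              # "You have 24 hours to collect..."
    if re.search(r"\d+[.,]\d{2}\s*\$|\$\s*\d+[.,]\d{2}", body):
        signs.append("small-payment")         # "1.99 $" to "confirm the package"
    if off_brand_hosts(body, trusted):
        signs.append("off-brand-link")        # landing page not on the legitimate URL
    return signs

if __name__ == "__main__":
    print(warning_signs(SAMPLE, "Alex Nguyen"))
```

Because the landing page sits behind a reCAPTCHA, a filter cannot rely on fetching and inspecting the destination; these checks work on the message itself.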