Fake DHL Text Message – Get Rid of DHL Scams (2021)

The DHL scam is tied to fake delivery notice text messages. This article shows DHL scams, including the related emails, messages, and websites. If you see a suspicious DHL text message in 2021, know that it is a DHL phishing scam from a fake sender. If you suspect that your device is infected, scan your system with a security program.


DHL Scams are quite widespread across the World. From specially crafted websites that push such scams, to specific messages sent to targeted email addresses, the DHL brand has been used in DHL scams for nefarious reasons. Such reasons include stealing DHL credentials, personal information, or pushing malware with a hidden agenda in most cases.

More and more users fall victim to these scams as they are recurring and keep reappearing every few months. That is due to the fact that every new variant of a scam tends to mimic DHL closer than before, making it more believable with each new attempt.

Ultimately, you will be asked to login or visit a URL address and do some action or pay for a shipment via another service. You should avoid any links other than the official DHL ones, and you will see how you can differentiate between them and the ones used in scams in this article.

DHL Phishing Scams Summary

Name: DHL Scams
Type: Phishing, PUP, malware
Short Description: Phishing messages trying to trick you into clicking links to get redirected. Once redirected, you will be asked to do an action, such as providing personal details or credential information, or filling in a form. In some cases, clicking a link will download malware on your PC.
Symptoms: You receive an e-mail message that is allegedly from DHL. You will be urged to click on a link. You can then get malware on your computer or get redirected from the link to a landing page mimicking the DHL website, asking you to fill in information.
Distribution Method: Phishing Emails, Pop-up messages, Redirects

November 2020 DHL Phishing Messages Update

Check Point Research staff made a thorough analysis of the popular phishing scams that are being used against web users the most. It appears that the top places are held by Microsoft and DHL. According to their statistical information, the main point-of-intrusion includes email messages and brand impersonation techniques.

To a large extent, these attacks are becoming more and more prevalent due to the rise of remote workers amidst the COVID-19 pandemic. Some of the detection techniques which are used to identify potentially fake DHL messages rely on the checking of several attributes. The phishing email messages may notify the recipients that they are receiving a shipment without quoting a valid tracking number.

A principal method that is widely practiced by hacking groups is manipulating users into opening files by making them believe that this is required in order to show the tracking number. In reality, this will lead to a virus code execution.

Another frequent DHL-related fraud is the sending out of notifications that ask for payment of goods prior to the delivery. The company does not collect payment of goods ordered from merchants.

DHL Fake Delivery Notice Text Message

Most times, a fake delivery notice text message is delivered via DHL scam emails. Such emails are more frequent than in the past as users order online more these days. Users are reporting DHL text messages inside scam emails by the dozen. The modus operandi of the DHL scam emails has not changed drastically, although a phone number might be involved, making for a DHL scam call every once in a while. If you have any doubt whether the emails you have received are indeed DHL scam emails, look no further – in this article, we have gathered the most common of these scams, what they do and how to protect yourself from them.

DHL Scams – Distribution Ways

Those might be distributed via a third-party installation setup. Applications connected to DHL Scams can intrude on your computer without your knowledge. Installer setups like those could be set by default to install additional components. Bundled packages and freeware setups regarded as PUPs could be distributed and push scam messages to your PC and browsers. To avoid installing unwanted applications, you can search for the Custom or Advanced settings. If you find such, you could probably deselect anything you do not want on your machine.

Note! These types of DHL Scams were seen to be pushed via e-mail address messages on a large scale as seen on the below screenshot. Beware of any messages that have links to DHL services that you don’t remember using.

DHL Scams might distribute itself by using similar websites that are hosting phishing landing pages. Websites like those use the DHL brand without permission, and to an extent, you might not differentiate the original with the fake website. Clicking on just one redirect link or an advertisement could send malware to your computer system. Banners, pop-ups, and more kinds of adverts could be placed on top of browser pages to push more links and phishing messages. Any browser could be affected and any operating system for that matter.

DHL Scams

Many scams related to DHL are circling the Internet nowadays and seem to increase every month. This article will reveal the vast majority of scam types, which suggest that you have to use the DHL Service in some way or form to receive some shipment or reward via the service. The scam is not exactly new as versions of it can be observed from years ago. Although, every year, the scam gets more and more sophisticated and has built higher popularity amongst users. People that fall victim to such scams are surprisingly growing instead of decreasing.

Websites that are hosting such DHL Scams can load pop-ups and other advertising content as you are browsing to help popularize it. Heaps of advertisements might show, promoting a way to obtain a shipment or something else via the DHL brand.

DHL Scams – Ursnif Malware Delivery

A separate attack campaign was detected in early December 2018 which uses the DHL phishing scam as the conduit to spread the Ursnif Trojan. According to the released information, the intrusions are being done in targeted waves. The reported infections seem to be focused against Italian users. An example subject line is the following: “VS Spedizione DHL AWB 94856978972 proveniente dalla GRAN BRETAGNA AVVISO DI GIACENZA”. The email messages display the typical DHL scams as stated above; some of them may be personalized in order to fool the recipients into interacting with them. The dangerous payload is attached directly, inside an archive file. When it is opened, it will reveal a .js (JavaScript) file. When launched, it will initialize the infection script.

When this is done, the infection script downloads a dropper, which will first generate a lot of Internet traffic that may seem random. This is done in order to make detection more difficult.

In the end, the dropper will download and extract a second-stage file. It will establish a connection with a hacker-controlled server, which uses signatures that are identical to those of Ursnif malware samples. Further information about the Ursnif malware samples detected in the DHL scams reveals that the third stage of the malware also installs itself as a persistent threat. This means that it will manipulate the Windows Registry, making it very hard to remove.

This infection allows the hackers not only to spy on the users but also execute commands, hijack their data and take over control of their machines at any given time.

“DHL Parcel Arrival Notification” Scam

This scam is a recurring one, which means that it keeps showing up, year after year, month after month. The scam shows you a notification of a “DHL Parcel Arrival”.

You can preview a variant of the DHL Parcel Arrival scam message below:

From the above image, you can see an email message stating that you have a DHL Parcel awaiting delivery. That message can also be sent via SMS to targeted phone numbers, containing nearly the same message. Here is what such a message contains:

From: DHL Express [fake mail redacted]

Date: Sat 20/05/2017 14:37

Subject: Attention: You have 1 New Parcel for delivery


You have 1 New Parcel for delivery. Our courier was unable to deliver the parcel to you due to incorrect delivery details.

To receive your parcel, Please see and check attached shipping documents.


With kind regards, DHL Express


CONFIDENTIALITY CAUTION: This message is intended only for the use of the individual or entity to whom it is addressed and may be confidential in nature. If you are not the intended recipient, please notify us immediately by return email, and please do delete this message. You should not disseminate, distribute, copy, or disclose any information contained herein to any third party. **Please consider the environment before printing this email**

Somewhere inside the message there will be a link. That link may look like the official URL address of the DHL service, but do not get fooled. The link will redirect you to a phishing page that may look very similar to a legitimate DHL-hosted page, but has a suspicious URL that is not located on the official domain. In this case, the link shown above will land you on a page with a long address, such as one with lots of symbols like numbers and random letters, as seen in the below screenshot:

Afterward, you will be prompted to enter your email address and password to the DHL service. In case you are wondering why, it is due to the fact that the cybercriminals want to steal your DHL account and related online identity. If you proceed and enter both of these details, you will be redirected with a message that you have entered an “invalid password”, tempting you to enter your details “correctly” and carefully. If you go the rounds one more time, you will get the following page to display:

Here is where you should get suspicious. Why would the company need your address sent again, if you indeed ordered something? In case you did not get suspicious and went on and filled the details on that page as well, you will finally get redirected to the official page of the DHL website. You should be wary of any such websites, and if you doubt the contents of a message that is supposedly from DHL you should ask your family household if anybody ordered something via the service or login by entering the official URL into the address bar.

“DHL Shipment Notification” Scams

The DHL Scams have many variations, but what you will see the most are the following messages, displayed in the below screenshots:

“DHL Shipment Notification” scams will generate an email message with content along the lines of the following:

From: DHL Customer Support [support fake email]

Date: Thu 30/03/2017 14:58

Subject: DHL Shipment Notification : 1860915879

Attachment: _Dhl_expr._DATE201703.zip

Body content:

Notification for shipment event group “Delivered” for Thu, 30 Mar 2017 14:57:31 +0100.
AWB Number: 1860915879 Pickup Date: Thu, 30 Mar 2017 14:57:31 +0100 Service: N Pieces: 2 Cust. Ref: G Description: DOMESTIC EXPRESS
Ship From: Ship To:
NBL S. A. NA * – 49796 NA

EVENT CATEGORY Thu, 30 Mar 2017 14:57:31 +0100 – Shipment delivered – Signed By – M C

Shipment status may also be obtained from our Internet site in USA under [fake URL address] or Globally under [fake URL address]

Please do not reply to this email. This is an automated application used only for sending proactive notifications.

You are receiving this email because a notification is configured to receive notifications from Proview.

The left of the above screenshots depicts one of the scams involved with the spoofing of the DHL brand, stating that some documents are ready for download and that a package you ordered is on its way. Inside that note, a link will be provided. That link might redirect you to an address that downloads a malware payload on your computer. Another example would be an attachment that goes along with the email that contains a file (usually an executable or JavaScript file disguised as a document). Such an attachment will also, in most cases, download a malicious payload aiming to infect your computer system.

However, most of the time, these messages aim to do the same procedure as the one previously described on the “Parcel” type of scam. That procedure involves redirecting you to a phishing landing Web page and stealing your information (including personal data and credential details). After you input the details on any similar page, you will get your DHL account hijacked, or even worse – your identity is stolen and used for other online purchases.

Another Phishing Scam that has been seen in July 2018 is the following email:

Dear customer,

Your Shipment has just arrived at our Regional Office and ready for delivery today, but we were unable to confirm your delivery address.

Please Download and print the attached receipt to duly complete the Identity check required for verification of your delivery address and forward to nearest DHL office.

Your shipment will be on hold Until the security check is completed.
Please endeavor to be as accurate as possible to reduce time of clearance and recipient confirmation.

Thank you for using our services.
Best regards,
Ellen Liu.
DHL Express Services

(c) 201-2019 DHL International

1 attachments (total 53.9 KB)

CONFIDENTIALITY NOTICE: This message is from DHL and may contain
confidential business information. It is intended solely for the use of
the individual to whom it is addressed. If you are not the intended
recipient, please contact the sender and delete this message and any
attachment from your system. Unauthorized publication, use,
dissemination, forwarding, printing or copying of this email and its
attachments is strictly prohibited.

A user with a nickname Al Crosby reported it in the comment section of this article.

Do not believe in messages that look suspicious and when you do not recollect if you indeed ordered something described inside the messages. Beware of such scams as they try to look like the delivery brand more convincingly by using similar or the same design as the official site network.

Below you will see how to differentiate the usage of the DHL brand from scams and the real thing. You will also find tips on what to do or not do to avoid getting scammed. You should also scan your computer if malware is causing such messages to show up on your computer screen.

DHL Scams are as prominent in August 2019 as in the past. They are phishing types of scams that aim to trick you into clicking on links, downloading malware, and other malicious activities. Such scams are mainly pushed via email, as users are not expecting scams in their letters, even if these are located in the spam folder. One variant features the following text:

Subject : Re: DHL Notification / DHL_AWB_0011179303/ ETD


Dear Customer,

We attempted to deliver your item at 2:45 PM on Aug 13th, 2019. (Read enclosed file details)
The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent.

If the parcel is not scheduled for re-delivery or picked up within 72 hours, it will be returned to the sender.

Label Number: (Read enclosed file details)
Class: Package Services
Service(s): (Read enclosed file details)
Status: e-Notification sent

Read the enclosed file for details.

You can use folder explorer to open the folder if it doesn’t open by default.

DHL Customer Service.
2021 © DHL International GmbH. All rights reserved.

If you see the DHL Text Message 2019 then know that it is a scam trying to con you, so you should avoid it.

In February 2019 a new global DHL phishing scam was uncovered carrying the Muncy malware. Computer hackers are using a sender email address which may be mistaken for coming in from DHL themselves — support[at]dhl[dot]com. It uses the subject line of “DHL SHIPMENT NOTIFICATION” in order to raise attention to its contents. It coerces the recipients into opening malicious attachments containing a script that downloads and executes the dangerous virus. This technique can be used with standalone virus files and infected documents, which can be of all popular types — spreadsheets, presentations, databases, and text documents. When they are opened, a prompt will appear, asking the users to enable the built-in macros to view the contents correctly — this will trigger the malicious payload.

The Muncy Trojan will immediately start to scan the infected machine in order to gather personal information that can reveal information both about the victims and their systems. The data can be categorized into two main types:

  • Victim Information — This is data that can directly reveal the identity of the users by searching for strings such as a person’s name, address, interests, phone number and even any stored account credentials.
  • Machine Identification — Important parameters can be harvested such as installed hardware parts, operating system data and user settings.

Following this, all acquired information will be transferred to the hacker operators via a secure network connection. This Trojan behavior also allows the operators to execute remote code, take over control of the compromised machines, and steal user files.

Older Fake DHL Text Messages

A new wave of DHL scams has been detected that appear as being sent by DHL. The legitimate DHL address is used to target many users at once. The phishing email scam’s goal is to coerce as many victims as possible into clicking on the link in the body contents. This will download an infected document (in most cases a Microsoft Word file) that, when opened, will request the users to enable the built-in scripts. This will trigger a Trojan infection. The current attack campaign has been configured to deliver the Remcos RAT. In 2019, the Remcos RAT v1.3.7 caused numerous infections around the world.

In October 2018, a new wave of DHL scams emerged, possibly being done by another criminal collective. The collected samples associated with it show that it is not a large-scale attempt. This gives security experts reasons to believe that this may be a test campaign or a small-sized targeted attack. A classic scenario is used by sending email messages that are designed to appear like a legitimate DHL message notification. The following elements are an example of what the messages can include:

  • Misleading Names — The hackers behind the phishing campaign can all use names that sound similar to the real DHL site, signature or domain name. In some cases the sent messages can include the recipient’s real name, personal details, etc., harvested through information gathering techniques or bought on the hacker underground forums.
  • Graphics & Design — The criminals can hijack the graphics, layout and overall design from actual DHL messages. They can confuse the users into thinking that they have received a legitimate notification.
  • Required Interaction — Many of the collected samples require the recipients to perform some kind of interaction. This is usually the point where malicious behavior can be observed.

The exact content of the DHL phishing message is a delivery notification. The body contents read that the users have received a parcel, and they need to download a receipt that is to be given to the courier. A view document is attached, which will lead to malicious behavior. Depending on the individual hacker configuration, there can be several different outcomes.

This can lead to the download of infected malware payloads. In the case of DHL notifications, this is usually a document of any of the popular types: presentations, databases, spreadsheets, or text files. Whenever they are opened, a notification message will be shown, asking the users to enable the built-in scripts. If this is done, a virus infection will follow. In other cases, the virus file can be directly attached and launched.

August, 2018 marks the start for the spread of yet another DHL Phishing scam. The scam consists of a message which is delivered to your e-mail.

You can see it in the below screenshot taken from our Support e-mail Inbox:

The email is around 39 KB in size and its contents are the following:


Dear [recipient’s name is included here]

Your DhI express shipment with waybiII number 813347995 from WKDA it on its way and will require a signature

We got instruction from our client to contact you on the above subject. Below are your Shipping documents/Invoice and copy of DHL receipt for your tracking. Please confirm accordingly if your address is correct, before we submit to our outlet office for dispatch to your regional office.

View Your Shipping Documents/Invoice and Copy of DHL Receipt CLICK HERE:


2018 © DHL International GmbH. All rights reserved.
DHL Corporate
Office. +1 (800) 321-8807 feel free
Visitingaddress: 180 Park Avenue,
Building 105
, PO Box 950, 07932 Florham Park, NJ

UHS of Delaware, Inc. Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this information is prohibited, and may be punishable by law. If this was sent to you in error, please notify the sender by reply email and destroy all copies of the original message.

© 2018 DHL Express | Customer Service |

As you can see, the scam involves a link labeled “CLICK HERE” as well as a telephone number, which if you dial will probably have a cybercriminal on the other line. Not to mention that if you click the telephone number another number might be dialed.

Do not follow any instructions given in such a message. Make sure you are dealing with an official message from DHL and not a phishing scam.

In late March and the beginning of April 2018, another DHL phishing scam emerged. The scam tries to trick users that if they want to track their package, they need to enter their email address and password. This is how the phishing page looks:

As you can clearly see, the design looks really close to that of the original DHL website but it differs. The brand and logo are clearly cropped with some software and pasted on the page. The landing page feels cheap, but somebody who doesn’t look into these details and is expecting a package might fall for the scam.

DHL Scams – How to Avoid Them in 2021?

In this section, you will find out how to differentiate between DHL Scams and messages from the official DHL brand, following a simple set of rules and guidelines. So, if you are reading this article, you should now know that there is a multitude of scams involving a DHL shipment or parcel notifications. Below you will see what you should research.

Refer to the following link that is of the official page for DHL Fraud Awareness and Prevention.

New scams and fraud attempts will be listed on those official pages, under the country in which you are using the online services of DHL, as part of the Fraud Awareness program, which has a slightly different URL for different countries. For example, for Serbia, the letters sr would be added at the back of the URL, while the main address will remain.

As you now know about the existence of the scams and the official page of DHL Fraud Awareness, refer to the following guidelines on how to avoid most scams related to the shipping brand:

  • Never pay before your goods get delivered
  • Do not provide any details about you, your addresses or similar information via email or unknown Websites
  • Do not open email attachments, as DHL does not send such, nor does it request users to open such
  • Always use DHL.com to refer to pages in connection with the service
  • Avoid messages with grammatical or typographical errors
  • Avoid emails that are not addressed to you by name
  • Avoid messages sent by a service you don’t expect to hear from
  • Avoid messages that do not include a tracking number or specific details about your order or address
  • Avoid clicking on links to provide your email address for verification
  • Avoid payments to someone whose identity you can’t confirm
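
Several of the guidelines above can be checked mechanically. The following Python sketch is an added example, not code from SensorsTechForum or DHL: it flags links that do not resolve to dhl.com and any attachment in a message. The sample email, its host names and the file name are constructed for illustration, and treating dhl.com as the only official domain is an assumption taken from the rule "Always use DHL.com".

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "dhl.com"  # assumption, from the rule "Always use DHL.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def on_official_domain(host):
    """True only for dhl.com itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def link_host(url):
    """Host the browser would really contact; a 'dhl.com@' prefix is ignored."""
    try:
        return urlsplit(url).hostname or ""
    except ValueError:  # malformed authority part
        return ""


def triage(msg):
    """Return (kind, detail) findings for one email.message object."""
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    # The From header is trivially spoofed (the article notes campaigns that
    # used support[at]dhl[dot]com), so passing this check proves nothing.
    if not on_official_domain(sender.rpartition("@")[2]):
        findings.append(("sender", sender))
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            # Guideline: DHL does not send attachments, so any one is a flag.
            findings.append(("attachment", filename))
        elif part.get_content_type() == "text/plain":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True).decode(charset, "replace")
            for url in URL_RE.findall(body):
                host = link_host(url)
                if not on_official_domain(host):
                    findings.append(("link", host))
    return findings


def build_sample():
    """Constructed sample message; every address and URL is made up."""
    msg = EmailMessage()
    msg["From"] = "DHL Express <support@dhl.com>"  # spoofed sender
    msg["Subject"] = "DHL Shipment Notification : 0000000000"
    msg.set_content(
        "Your parcel is waiting.\n"
        "Official: https://www.dhl.com/tracking\n"
        "Track: http://dhl.com.parcel-track.example/login?id=1\n"
        "Docs: http://dhl.com@203.0.113.7/docs\n"
        "Help: https://www.dhI.com/track\n"  # capital I in place of l
    )
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="zip",
                       filename="shipping_documents.zip")
    return msg


if __name__ == "__main__":
    for kind, detail in triage(build_sample()):
        print(f"{kind}: {detail}")
```

The spoofed sender passes the sender check while three of the four links and the attachment are flagged, which is why the link and attachment rules carry more weight than the displayed sender.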

The guideline rules listed above were constructed by the SensorsTechForum team via research done on the matter. These rules are based on common sense and on the various scams related to DHL.

Some of these scams related to DHL can be removed by closing the message or browser. In case the scam pages continue to bother you even after that, then you probably have something else on your computer generating them.

How to Get Rid of DHL Scams Completely

All that is required to remove some scams is to ignore the message, never respond to it and delete it. Other scams require a bit of action, such as thoroughly scanning your computer machine with security software to determine whether you have some malware component that is pushing spoofed messages to your computer, browser, or email address.

We highly recommend that all computer users scan their system for active infections and malware using a security program. That could prevent many malicious actions and stop malware from distributing further.


Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

How to Remove DHL Phishing Scams from Windows.

Step 1: Boot Your PC In Safe Mode to isolate and remove DHL Phishing Scams


1. Hold Windows key + R

2. The "Run" Window will appear. In it, type "msconfig" and click OK.

3. Go to the "Boot" tab. There select "Safe Boot" and then click "Apply" and "OK".

Tip: Make sure to reverse those changes by unticking Safe Boot after that, because your system will always boot in Safe Boot from now on.

4. When prompted, click on "Restart" to go into Safe Mode.

5. You can recognise Safe Mode by the words written on the corners of your screen.

Step 2: Uninstall DHL Phishing Scams and related software from Windows

Here is a method in a few easy steps that should be able to uninstall most programs. No matter if you are using Windows 10, 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program are left behind, and that can lead to unstable work of your PC, errors with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to uninstall it. To do that:

1. Hold the Windows Logo Button and "R" on your keyboard. A Pop-up window will appear.

2. In the field type in "appwiz.cpl" and press ENTER.

3. This will open a window with all the programs installed on the PC. Select the program that you want to remove, and press "Uninstall"

Follow the instructions above and you will successfully uninstall most programs.

Step 3: Clean any registries, created by DHL Phishing Scams on your computer.

The usually targeted registries of Windows machines are the following:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

You can access them by opening the Windows registry editor and deleting any values, created by DHL Phishing Scams there. This can happen by following the steps underneath:

1. Open the Run Window again, type "regedit" and click OK.

2. When you open it, you can freely navigate to the Run and RunOnce keys, whose locations are shown above.

3. You can remove the value of the virus by right-clicking on it and removing it.

Tip: To find a virus-created value, you can right-click on it and click "Modify" to see which file it is set to run. If this is the virus file location, remove the value.
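
Before deleting anything, it helps to list what the Run and RunOnce values actually launch. The Python sketch below is an added example, not part of the original guide: it parses text saved from the built-in `reg query` command for the keys listed above and marks values worth a closer look. The sample output is constructed, and the three review heuristics (script host, script file, user-writable path) are assumptions of this example, so a flagged value is a reason to inspect it, not proof of infection.

```python
import re

# One value line of `reg query` output: four spaces, name, type, data.
VALUE_RE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")
# Assumed heuristics: interpreters and script types often used by droppers.
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "powershell")
SCRIPT_EXT_RE = re.compile(r'\.(?:jse?|vbs|vbe|wsf|hta|ps1|bat|cmd)(?=[\s"]|$)')
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "%appdata%", "%localappdata%", "%temp%")

# Constructed sample, shaped like the output of:
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Shipping Docs    REG_SZ    wscript.exe "C:\Users\alice\AppData\Roaming\dhl_receipt.js"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""


def parse_reg_query(text):
    """Turn `reg query` output into dicts with key, name, type and data."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            entries.append({"key": key, **match.groupdict()})
    return entries


def launched_program(data):
    """Base name of the first program in a Run command, without '.exe'."""
    data = data.strip()
    if data.startswith('"'):
        exe = data[1:].split('"', 1)[0]
    else:
        # An unquoted path containing spaces is ambiguous; take the first token.
        exe = data.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower().removesuffix(".exe")


def reasons_to_review(data):
    """Explain why a Run value deserves manual inspection (may be empty)."""
    low = data.lower()
    reasons = []
    if launched_program(data) in SCRIPT_HOSTS:
        reasons.append("starts a script host or interpreter")
    if SCRIPT_EXT_RE.search(low):
        reasons.append("references a script file")
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def audit(text):
    """Return (key, value name, reasons) for every value with a reason."""
    flagged = []
    for entry in parse_reg_query(text):
        reasons = reasons_to_review(entry["data"])
        if reasons:
            flagged.append((entry["key"], entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for key, name, reasons in audit(SAMPLE):
        print(f"{key}\\{name}: " + "; ".join(reasons))
```

Legitimate software such as OneDrive also starts from a user profile folder, so a single location reason is weak evidence, while a script host launching a script from that folder is what the "Modify" check in the tip above is meant to reveal.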

Before starting "Step 4", please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Step 4: Scan for DHL Phishing Scams with SpyHunter Anti-Malware Tool

1. Click on the "Download" button to proceed to SpyHunter's download page.

2. After you have installed SpyHunter, wait for it to update automatically.

3. After the update process has finished, click on the 'Malware/PC Scan' tab. A new window will appear. Click on 'Start Scan'.

4. After SpyHunter has finished scanning your PC for any files of the associated threat and found them, you can try to get them removed automatically and permanently by clicking on the 'Next' button.

If any threats have been removed, it is highly recommended to restart your PC.

Get rid of DHL Phishing Scams from Mac OS X.

Step 1: Uninstall DHL Phishing Scams and remove related files and objects

1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”.

2. Find Activity Monitor and double-click it:

3. In the Activity Monitor look for any suspicious processes, belonging or related to DHL Phishing Scams.

Tip: To quit a process completely, choose the “Force Quit” option.

4. Click on the "Go" button again, but this time select Applications. Another way is with the ⇧+⌘+A buttons.

5. In the Applications menu, look for any suspicious app or an app with a name, similar or identical to DHL Phishing Scams. If you find it, right-click on the app and select “Move to Trash”.

6. Select Accounts, then click on the Login Items preference.

Your Mac will then show you a list of items that start automatically when you log in. Look for any suspicious apps identical or similar to DHL Phishing Scams. Check the app you want to stop from running automatically and then click the Minus (“-”) icon to hide it.

7. Remove any left-over files that might be related to this threat manually by following the sub-steps below:

  • Go to Finder.
  • In the search bar type the name of the app that you want to remove.
  • Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
  • If all of the files are related, press ⌘+A to select them and then drag them to “Trash”.

In case you cannot remove DHL Phishing Scams via Step 1 above:

In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:

Disclaimer! If you are about to tamper with Library files on Mac, be sure to know the name of the virus file, because if you delete the wrong file, it may cause irreversible damage to your MacOS. Continue on your own responsibility!

1. Click on "Go" and then "Go to Folder".

2. Type in "/Library/LaunchAgents/" and click OK.

3. Delete all of the virus files that have similar or the same name as DHL Phishing Scams. If you believe there is no such file, do not delete anything.

You can repeat the same procedure with the following other Library directories:

→ ~/Library/LaunchAgents

Tip: The ~ is there on purpose. It stands for your user's home folder, which has its own LaunchAgents directory.
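A read-only way to see what each file in the two LaunchAgents folders would start before you delete anything, as an added example that is not part of the original guide. The flagging rules, the sample agents and the `com.example.*` names are assumptions made for illustration.

```python
import os
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# The two folders named in the steps above; expanduser resolves the "~".
LAUNCH_AGENT_DIRS = [Path("/Library/LaunchAgents"),
                     Path(os.path.expanduser("~/Library/LaunchAgents"))]
# Assumption: legitimate agents rarely start programs from these locations.
SUSPECT_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
SHELLS = {"sh", "bash", "zsh"}

def agent_command(plist_path):
    """Return the command line an agent starts, or None if the file cannot be parsed."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)  # handles XML and binary plists
    except (plistlib.InvalidFileException, ExpatError, OSError):
        return None
    if not isinstance(data, dict):
        return None
    args = data.get("ProgramArguments")
    args = [str(a) for a in args] if isinstance(args, list) else []
    program = data.get("Program")
    # launchd executes Program when present, otherwise ProgramArguments[0].
    return [str(program)] + args[1:] if program else args

def review_agent(plist_path):
    """Return reasons to inspect this agent more closely (empty list if none)."""
    cmd = agent_command(plist_path)
    if cmd is None:
        return ["not a readable property list"]
    if not cmd:
        return ["no Program or ProgramArguments entry"]
    exe, reasons = cmd[0], []
    if exe.startswith(SUSPECT_PREFIXES):
        reasons.append("starts a program in a temporary or shared folder")
    if any(part.startswith(".") for part in Path(exe).parts[:-1]):
        reasons.append("starts a program inside a hidden folder")
    if Path(exe).name in SHELLS and "-c" in cmd[1:]:
        reasons.append("runs an inline shell command")
    return reasons

def review_dirs(dirs=LAUNCH_AGENT_DIRS):
    """Map every .plist in dirs to its reasons. Read-only: nothing is deleted."""
    report = {}
    for folder in dirs:
        if folder.is_dir():
            for plist_path in sorted(folder.glob("*.plist")):
                report[str(plist_path)] = review_agent(plist_path)
    return report

def demo():
    """Review constructed sample agents written to a scratch folder."""
    samples = {  # constructed for illustration, not from a real infection
        "com.example.updater.plist": {"Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
        "com.example.helper.plist": {"Label": "com.example.helper", "RunAtLoad": True,
            "ProgramArguments": ["/Users/Shared/.cache/helper", "--daemon"]},
        "com.example.sync.plist": {"Label": "com.example.sync",
            "ProgramArguments": ["/bin/sh", "-c", "echo constructed-sample"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(Path(tmp) / name, "wb") as fh:
                plistlib.dump(body, fh)
        (Path(tmp) / "broken.plist").write_bytes(b"not a plist")
        return {Path(p).name: r for p, r in review_dirs([Path(tmp)]).items()}

if __name__ == "__main__":
    for path, reasons in review_dirs().items():
        print(path, "->", "; ".join(reasons) or "nothing flagged")
```

A flagged entry is a prompt to look closer, not proof of infection, and an unflagged one is not proof that a file is safe.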

Step 2: Scan for and remove DHL Phishing Scams files from your Mac

When you are facing problems on your Mac as a result of unwanted scripts and programs such as DHL Phishing Scams, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.

Click the button below to download SpyHunter for Mac and scan for DHL Phishing Scams:



Remove DHL Phishing Scams from Google Chrome.

Step 1: Start Google Chrome and open the drop menu


Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"


Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.


Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.


Erase DHL Phishing Scams from Mozilla Firefox.

Step 1: Start Mozilla Firefox. Open the menu window:


Step 2: Select the "Add-ons" icon from the menu.


Step 3: Select the unwanted extension and click "Remove"


Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.


Uninstall DHL Phishing Scams from Microsoft Edge.

Step 1: Start Edge browser.

Step 2: Open the drop menu by clicking on the icon at the top right corner.


Step 3: From the drop menu select "Extensions".


Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.


Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.


Remove DHL Phishing Scams from Safari.

Step 1: Start the Safari app.

Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.

Step 3: From the menu, click on "Preferences".


Step 4: After that, select the 'Extensions' Tab.


Step 5: Click once on the extension you want to remove.

Step 6: Click 'Uninstall'.


A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the DHL Phishing Scams will be removed.

How to Reset Safari
IMPORTANT: Before resetting Safari make sure you back up all your saved passwords within the browser in case you forget them.

Start Safari and then click on the gear icon.

Click the Reset Safari button and you will reset the browser.


Eliminate DHL Phishing Scams from Internet Explorer.

Step 1: Start Internet Explorer.

Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'


Step 3: In the 'Manage Add-ons' window.

Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.


Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.

Remove Push Notifications caused by DHL Phishing Scams from Your Browsers.

Turn Off Push Notifications from Google Chrome

To disable any Push Notices from Google Chrome browser, please follow the steps below:

Step 1: Go to Settings in Chrome.


Step 2: In Settings, select “Advanced Settings”:


Step 3: Click “Content Settings”:


Step 4: Open “Notifications”:


Step 5: Click the three dots and choose Block, Edit or Remove options:


Remove Push Notifications on Firefox

Step 1: Go to Firefox Options.


Step 2: Go to “Settings”, type “notifications” in the search bar and click "Settings":


Step 3: Click “Remove” on any site whose notifications you want gone and click “Save Changes”.

Stop Push Notifications on Opera

Step 1: In Opera, press ALT+P to go to Settings.


Step 2: In the Settings search, type “Content” to go to Content Settings.

Step 3: Open Notifications:


Step 4: Do the same as you did with Google Chrome (explained above).

Eliminate Push Notifications on Safari

Step 1: Open Safari Preferences.

Step 2: Choose the domain whose push pop-ups you want gone and change it from "Allow" to "Deny".

DHL Phishing Scams FAQ

What Is DHL Phishing Scams?

The DHL Phishing Scams threat is adware or a browser redirect virus. It may slow your computer down significantly and display advertisements. The main idea is for your information to likely get stolen or for more ads to appear on your device.

The creators of such unwanted apps work with pay-per-click schemes to get your computer to visit risky or different types of websites that may generate them funds. This is why they do not even care what types of websites show up on the ads. This makes their unwanted software indirectly risky for your OS.

What Are the Symptoms of DHL Phishing Scams?

There are several symptoms to look for when this particular threat and also unwanted apps in general are active:

Symptom #1: Your computer may become slow and have poor performance in general.

Symptom #2: You have toolbars, add-ons or extensions on your web browsers that you don't remember adding.

Symptom #3: You see all types of ads, like ad-supported search results, pop-ups and redirects, appearing randomly.

Symptom #4: You see installed apps on your Mac running automatically and you do not remember installing them.

Symptom #5: You see suspicious processes running in your Task Manager.

If you see one or more of those symptoms, then security experts recommend that you check your computer for viruses.

What Types of Unwanted Programs Are There?

According to most malware researchers and cyber-security experts, the threats that can currently affect your Mac can be the following types:

  • Rogue Antivirus programs.
  • Adware.
  • Browser hijackers.
  • Clickers.
  • Fake optimizers.

What to Do If I Have a "virus" like DHL Phishing Scams?

Do not panic! You can easily get rid of most adware or unwanted programs by firstly isolating them and then removing them from your browser and computer. One recommended way to do that is by using a reputable malware removal software that can take care of the removal automatically for you. There are many anti-malware apps out there that you can choose from. SpyHunter is one of the recommended anti-malware apps that can scan your computer for free and detect any viruses, tracking cookies and unwanted adware apps and eliminate them quickly. This saves time when compared to doing the removal manually.

How to Secure My Passwords and Other Data from DHL Phishing Scams?

With a few simple actions. First and foremost, it is imperative that you follow these steps:

Step 1: Find a safe computer and connect it to another network, not the one that your Mac was infected in.

Step 2: Change all of your passwords, starting from your email passwords.

Step 3: Enable two-factor authentication for protection of your important accounts.

Step 4: Call your bank to change your credit card details (secret code, etc.) if you have saved your credit card for online shopping or have done online activities with your card.

Step 5: Make sure to call your ISP (Internet provider or carrier) and ask them to change your IP address.

Step 6: Change your Wi-Fi password.

Step 7: (Optional): Make sure to scan all of the devices connected to your network for viruses and repeat these steps for them if they are affected.

Step 8: Install anti-malware software with real-time protection on every device you have.

Step 9: Try not to download software from sites you know nothing about and stay away from low-reputation websites in general.

If you follow these recommendations, your network and all devices will become significantly more secure against any threats or information invasive software and be virus free and protected in the future too.

You can find more tips on our website, where you can also ask any questions and comment underneath the articles about your computer problems. We will try to respond as fast as possible.

How Does DHL Phishing Scams Work?

The DHL Phishing Scams threat is typically installed as part of another application that you may have downloaded from the internet. Unwanted apps are often disguised as helpful programs, such as browser add-ons or toolbars, but they can also be included in software downloads without your knowledge.

Threats such as DHL Phishing Scams can also be installed through malicious websites, email attachments, and other dubious sources. Once installed, DHL Phishing Scams can collect data about your web browsing habits, such as the websites you visit and the search terms you use. This data is then used to target you with ads or to sell your information to third parties. DHL Phishing Scams can also download other malicious software onto your computer, such as viruses and spyware, which can be used to steal your personal information.

Is DHL Phishing Scams Malware?

If you have noticed DHL Phishing Scams on your computer, you may be wondering if it is considered malware. The answer is yes, it is possible for an unwanted program to be classified as malware.

Many security experts classify potentially unwanted programs as malware. This is because of the unwanted effects that PUPs can cause, such as displaying intrusive ads and collecting user data without the user’s knowledge or consent. The best way to protect your computer from PUPs is to be careful when downloading software from the internet. Be sure to read the terms of service and privacy policies before downloading any software, and be wary of any suspicious download links or ads.

About the DHL Phishing Scams Research

The content we publish on SensorsTechForum.com, this DHL Phishing Scams how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific, adware-related problem, and restore your browser and computer system.

How did we conduct the research on DHL Phishing Scams?

Please note that our research is based on independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware, adware, and browser hijacker definitions.
Furthermore, the research behind the DHL Phishing Scams threat is backed with VirusTotal.
To better understand this online threat, please refer to the following articles which provide knowledgeable details.


1. Browser Redirect – What Is It?
2. Adware Is Malicious, and It Uses Advanced Techniques to Infect
3. The Thin Red Line Between Potentially Unwanted Programs and Malware
4. The Pay-Per-Install Affiliate Business – Making Millions out of Adware
5. Malicious Firefox Extensions Installed by 455,000 Users Blocked Updates

  1. Al Crosby

    Another example

    Dear customer,

    Your Shipment has just arrived at our Regional Office and ready for delivery today, but we were unable to confirm your delivery address.

    Please Download and print the attached receipt to duly complete the Identity check required for verification of your delivery address and forward to nearest DHL office.

    Your shipment will be on hold Until the security check is completed.
    Please endeavor to be as accurate as possible to reduce time of clearance and recipient confirmation.

    Thank you for using our services.
    Best regards,
    Ellen Liu.
    DHL Express Services

    (c) 201-2019 DHL International

    1 attachments (total 53.9 KB)

    CONFIDENTIALITY NOTICE: This message is from DHL and may contain
    confidential business information. It is intended solely for the use of
    the individual to whom it is addressed. If you are not the intended
    recipient please contact the sender and delete this message and any
    attachment from your system. Unauthorized publication, use,
    dissemination, forwarding, printing or copying of this E-Mail and its
    attachments is strictly prohibited.

  2. vanessa

    I’ve just been a victim of this, and I think this malware is still doing its rounds as of this writing.

    1. Milena Dimitrova

      Hi Vanessa,

      Can you provide more details on how the infection happened?

  3. Cecilia

    I am expecting a delivery, but the emails I receive have neither a subject line nor a DHL letterhead, and I don't know whether they are genuine.

    1. Tsetso Mihailov (Post author)

      If the email does not state DHL or the official site of DHL it is fake. Even if the official website is used, there is also a chance that it is fake. If you ordered something, check the official DHL site for your delivery details and package, without clicking on any URLs from your email.

  4. Liege

    Hello. I want to report what happened to me. I am selling some second-hand items on Wallapop, and a person whose profile is no longer available in the app wrote to me saying they wanted to buy the item and that I had to send them an email. They then asked whether I accept cash-on-delivery payment through DHL, and I agreed to give them the name, address and value of the item. Straight away they sent me an email made to look as if it came from DHL, saying I had to pay €200 in advance for insurance costs by buying two €100 Neosurf codes at a tobacconist's and sending the codes to the fraudulent, supposedly DHL email address so that the shipment could be made, and that the insurance costs would be refunded to me afterwards. The email contains a link to click to confirm the address.
    Fraudulent name: angelique monnier

  5. IRUMA

    The same thing happened to me. I was selling a bag, and a person going by the name Choé Priscilla Tapin contacted me by email through Wallapop and had me give them my details: name, address and phone number. We agreed that they would pay me the price of the bag plus €100 for insurance, which I would have to pay beforehand by buying NEOSURF cards at a tobacconist's, bookshop, etc. to the value of €100 and sending the codes to the DHL email address they sent me. Luckily, these cards do not exist; I called DHL and they confirmed the fraud. I have forwarded all the emails to DHL customer service and they are investigating.

    The email address is

  6. Cassandra B.

    I just got a phishing text from “dhl” saying my package (Gb-6412-gh83) is available and waiting for me to set delivery preferences! I just ordered a whole bunch of stuff gym Wal-Mart so I’m afraid I’ve got a problem! First of all, is malware adaptable across multiple devices? Secondly, all of these prevention and correction steps are for a cpu…what about smartphones?

    1. Tsetso Mihailov (Post author)

      It looks like you definitely got one of these pesky DHL fake messages. My colleagues and I haven’t seen the DHL-related malware adapt in such a way. If a device has it, that’s it. But malware is ever evolving so I cannot be completely sure.

      For a smartphone, the infection is usually not that deep. If you clear browser cache and settings you should stop seeing the message. If that is not enough, maybe there is an application (an app) installed that keeps pushing the messages. Try to find any apps that seem weird to you and that are recently installed and remove them. Plus, there are free anti-virus programs for phones.

      Good luck with the removal and keep us posted.

    2. Kristen M.

      My husband got the exact same text with the exact same tracking code! DEFINITELY a scam!

  7. CH

    Wanna share that I just received a text from “UPS” with the exact same tracking number (GB-6412-GH83). So if anything these “hackers” aren’t adept enough to change it up. I’m glad I googled it, because you can find others posting this exact tracking number online in other fake call/text websites as well. just want to add my comment so people know it’s not just a “DHL” scam.

  8. karina

    A potential customer gets in touch through Wallapop. She asks that we communicate by email. Hers, fake I suppose, is . She tells me she is very interested in the item and wants it quickly. She is willing to pay me almost double, and they will come to my house to collect it. Great. Right away I receive an email supposedly from DHL with my details (she had asked me for them beforehand) saying that there is a €200 shipping insurance that the lady has paid, and that I have to go to the tobacconist's to buy 2 Neosurf top-ups, which will be refunded to me when they come to collect the package… I don't understand any of it. And then the harassment over WhatsApp begins, from the number 33 644 67 03 84. She insists that she has already paid and that I should do what “the DHL people” tell me…

  9. Engelbert

    It's still happening right now. Actually, I got an email that said:

    your package is found, the order has been block in terminal C82

    sending from terminal C82

    note : pls enter address and pay freight on next page
    shipping with City-Express via DHL

    When I try to open it on my desktop it is invalid, and I read in this forum that it is true:
    they are asking for your personal identity and your credit card to pay for shipment of the phone that I’ve won during their raffle. Not just an ordinary phone, it's an iPhone 11, as they said. I'm confused, that's why I opened and read this article. Luckily I did not try it or put in my info and credit card.

  10. S van Dijk


    I received a text message from DHL saying that a package is at the distribution centre but is not being delivered because too little postage was paid, or something like that. Is this also a known scam tactic?

    Kind regards,
    S van Dijk

  11. Chris Keating

    Just got one of these, tried to report it to DHL – what a joke! Their “Fraud Awareness” page has a “Phishing” link, which leads directly to a “Contact Us” page, which doesn’t give the option of reporting phishing…

    1. SB

      I had the same experience. Thought DHL would care about fraud using their name. Instead, they sent me a reply telling me to report it to other organisations. Useless.

      DHL Scam emails (in New Caledonia & Australia) asking for money to deliver package used this number: 00340434139185930097.

      Beware of:
      “nordparcelt” address – it’s a fake DHL site used to get your details/money & send malware.
      “freshdesk.com” – the server used by the DHL scammer and many other scammers.
      “serviplast” – the scammer’s websites

      Fake sites & phoenix companies linked to the DHL scam in (NSW) Australia:
      “Barloggio.net.au”, “jrt.net.au” and “Ted Cullen” – fake dog breeder (phishing) sites that operate on dogzonline.com.au
      “Infobahn”, “Connect Infobahn” and “CIA Business Solutions”
      “Bucan Holdings Pty Ltd” (ABN 90003737040)
      “Adventurers Realm”

  12. Hunter W

    I got a text message that said I have a delivery from Hong Kong due on the 3rd of April. I didn’t click the link but I did google DHL and enter the tracking info and it showed me everything. Is DHL even a real company? I didn’t order anything. It seemed to let me change the shipping address as a guest user without typing my email. It sent me a verification text too.

