DHL scam is connected to some fake delivery notice text message. DHL scams, including related emails, messages, and websites, are shown in this article. If you see a suspicious DHL text message 2021 know that it is a DHL phishing scam from a Fake sender. If you suspect your computer device to be infected, scan your system with a security program.
DHL Scams are quite widespread across the World. From specially crafted websites that push such scams, to specific messages sent to targeted email addresses, the DHL brand has been used in DHL scams for nefarious reasons. Such reasons include stealing DHL credentials, personal information, or pushing malware with a hidden agenda in most cases.
More and more users fall victim to these scams as they are recurring and keep reappearing every few months. That is due to the fact that every new variant of a scam tends to mimic DHL closer than before, making it more believable with each new attempt.
Ultimately, you will be asked to login or visit a URL address and do some action or pay for a shipment via another service. You should avoid any links other than the official DHL ones, and you will see how you can differentiate between them and the ones used in scams in this article.
DHL Phishing Scams Summary
|Type||Phishing, PUP, malware|
|Short Description||Phishing messages trying to trick you into clicking links to get redirected. Once redirected you will be asked to do an action, such as providing personal details, data about credential information or fill in a form. In some cases, clicking a link will download malware on your PC.|
|Symptoms||You receive an e-mail message that is allegedly from DHL. You will be urged to click on a link. You can then get malware on your computer or get redirected from link to a landing page mimicking the DHL website asking you to fill in information.|
|Distribution Method||Phishing Emails, Pop-up messages, Redirects|
See If Your System Has Been Affected by malware
Malware Removal Tool
November 2021 DHL Phishing Messages Update
Check Point Research staff made a thorough analysis of the popular phishing scams that are being used against web users the most. It appears that the top places are held by Microsoft and DHL. According to their statistical information, the main point-of-intrusion includes email messages and brand impersonation techniques.
To a large extent, these attacks are becoming more and more prevalent due to the rise of remote workers amidst the COVID-19 pandemic. Some of the detection techniques which are used to identify potentially fake DHL messages rely on the checking of several attributes. The phishing email messages may notify the recipients that they are receiving a shipment without quoting a valid tracking number.
A principle method that is widely practiced by hacking groups is the manipulation of users into making them open files, making them believe that this is required in order to show the tracking number. In reality, this will lead to a virus code execution.
Another frequent DHL-related fraud is the sending out of notifications that ask for payment of goods prior to the delivery. The company does not collect payment of goods ordered from merchants.
DHL Fake Delivery Notice Text Message
Most times, a fake delivery notice text message is delivered via DHL scam emails. Such emails are more frequent than in the past as users order online more these days. Users are reporting DHL Text messages inside scam emails by the dozen. The modus operandi of the DHL scam emails has not changed drastically, although a phone number might be involved, making for a DHL scam call every once in a while. If you have any doubt and if the emails you have received are indeed DHL scam emails , look no further – in this article, we have gathered the most common of these scams, what they do and how to protect yourself from them.
DHL Scams – Distribution Ways
Those might distribute via a third-party installation setup. Applications connected to DHL Scams can intrude your computer, without your knowledge of that. Installer setups like those could be set by default to install additional components. Bundled packages and freeware setups regarded as PUPs could be distributed and push scam messages to your PC and browsers. To avoid installing unwanted applications, you can to search for the Custom or Advanced settings. If you find such, you could probably deselect anything you do not want on your machine.
Note! These types of DHL Scams were seen to be pushed via e-mail address messages on a large scale as seen on the below screenshot. Beware of any messages that have links to DHL services that you don’t remember using.
DHL Scams might distribute itself by using similar websites that are hosting phishing landing pages. Websites like those use the DHL brand without permission, and to an extent, you might not differentiate the original with the fake website. Clicking on just one redirect link or an advertisement could send malware to your computer system. Banners, pop-ups, and more kinds of adverts could be placed on top of browser pages to push more links and phishing messages. Any browser could be affected and any operating system for that matter.
Many scams related to DHL are circling the Internet nowadays and seem to increase every month. This article will reveal the vast majority of scam types, which suggest that you have to use the DHL Service in some way or form to receive some shipment or reward via the service. The scam is not exactly new as versions of it can be observed from years ago. Although, every year, the scam gets more and more sophisticated and has built higher popularity amongst users. People that fall victim to such scams are surprisingly growing instead of decreasing.
Websites that are hosting such DHL Scams can load pop-ups and other advertising content as you are browsing to help popularize it. Heaps of advertisements might show, promoting a way to obtain a shipment or something else via the DHL brand.
DHL Scams – Ursnif Malware Delivery
When this is done, the infection script downloads a dropper, which will first generate a lot of Internet traffic that may seem random. This is done in order to make detection more difficult.
In the end, the dropper will download and extract an extract a second-stage file. It will establish a connection with a hacker-controlled server, which uses signatures that are identical with Ursnif malware samples. Further information about the Ursnif malware samples detected in the DHL scams reveals that the third-stage of the malware also installs itself as a persistent threat. This means that it will manipulate the Windows Registry, making it very hard to remove.
This infection allows the hackers not only to spy on the users but also execute commands, hijack their data and take over control of their machines at any given time.
“DHL Parcel Arrival Notification” Scam
This scam is a recurring one, which means that it keeps showing up, year after year, months after months. The scam shows you a notification of a “DHL Parcel Arrival“.
You can preview a variant of the DHL Parcel Arrival scam message below:
From the above image, you can see an email message with stating that you have a DHL Parcel awaiting delivery. That message can also be sent via SMS to targeted phone numbers, containing nearly the same message. Here is what such a message contains:
From: DHL Express [fake mail redacted]
Date: Sat 20/05/2017 14:37
Subject: Attention: You have 1 New Parcel for delivery
You have 1 New Parcel for delivery. Our courier was unable to deliver the parcel to you due to incorrect delivery details.
To receive your parcel, Please see and check attached shipping documents.
CLICK HERE TO VIEW STATUS
With kind regards, DHL Express
CONFIDENTIALITY CAUTION: This message is intended only for the use of the individual or entity to whom it is addressed and may be confidential in nature. If you are not the intended recipient, please notify us immediately by return email, and please do delete this message. You should not disseminate, distribute, copy, or disclose any information contained herein to any third party. **Please consider the environment before printing this email**
Somewhere inside the message there will be a link. That link may look like the official URL address of the DHL service but do not get fooled. The link will redirect you to a phishing page that may look very similar to a legitimate DHL-hosted page, but has a suspicious URL that is not located on the official domain. In this case, the link shown above will land you on a page with a long address, such aa one with lots of symbols like numbers and random letters, as seen in the below screenshot:
Afterward, you will be prompted to enter your email address and password to the DHL service. In case you are wondering why, it is due to the fact that the cybercriminals want to steal your DHL account and related online identity. If you proceed and enter both of these details, you will be redirected with a message that you have entered an “invalid password”, tempting you to enter your details “correctly” and carefully. If you go the rounds one more time, you will get the following page to display:
Here is where you should get suspicious. Why would the company need your address sent again, if you indeed ordered something? In case you did not get suspicious and went on and filled the details on that page as well, you will finally get redirected to the official page of the DHL website. You should be wary of any such websites, and if you doubt the contents of a message that is supposedly from DHL you should ask your family household if anybody ordered something via the service or login by entering the official URL into the address bar.
“DHL Shipment Notification” Scams
The DHL Scams have many variations, but what you will see the most are the following messages, displayed in the below screenshots:
” DHL Shipment Notification” scams will generate an email message with content of something in the lines of the following:
From: DHL Customer Support [support fake email]
Date: Thu 30/03/2017 14:58
Subject: DHL Shipment Notification : 1860915879
Notification for shipment event group “Delivered” for Thu, 30 Mar 2017 14:57:31 +0100.
AWB Number: 1860915879 Pickup Date: Thu, 30 Mar 2017 14:57:31 +0100 Service: N Pieces: 2 Cust. Ref: G Description: DOMESTIC EXPRESS
Ship From: Ship To:
NBL S. A. NA * – 49796 NA
EVENT CATEGORY Thu, 30 Mar 2017 14:57:31 +0100 – Shipment delivered – Signed By – M C
Shipment status may also be obtained from our Internet site in USA under [fake URL address] or Globally under [fake URL address]
Please do not reply to this email. This is an automated application used only for sending proactive notifications.
You are receiving this email because a notification is configured to receive notifications from Proview.
However, most of the time, these messages aim to do the same procedure as the one previously described on the “Parcel” type of scam. That procedure involves redirecting you to a phishing landing Web page and stealing your information (including personal data and credential details). After you input the details on any similar page, you will get your DHL account hijacked, or even worse – your identity is stolen and used for other online purchases.
Another Phishing Scam that has been seen in July 2018 is the following email:
Your Shipment has just arrived at our Regional Office and ready for delivery today, but we were unable to confirm your delivery address.
Please Download and print the attached receipt to duly complete the Identity check required for verification of your delivery address and forward to nearest DHL office.
Your shipment will be on hold Until the security check is completed.
Please endeavor to be as accurate as possible to reduce time of clearance and recipient confirmation.
NOTE: IF YOUR PACKAGE IS NOT DELIVERED OR PICKED UP WITHIN 48 HOURS, IT
WILL BE RETURNED TO THE SENDER. CONTACT US FOR FURTHER ASSISTANCE
Thank you for using our services.
DHL Express Services
(c) 201-2019 DHL International
1 attachments (total 53.9 KB)
CONFIDENTIALITY NOTICE: This message is from DHL and may contain
confidential business information. It is intended solely for the use of
the individual to whom it is addressed. If you are not the intended
recipient, please contact the sender and delete this message and any
attachment from your system. Unauthorized publication, use,
dissemination, forwarding, printing or copying of this email and its
attachments is strictly prohibited.
A user with a nickname Al Crosby reported it in the comment section of this article.
Do not believe in messages that look suspicious and when you do not recollect if you indeed ordered something described inside the messages. Beware of such scams as they try to look like the delivery brand more convincingly by using similar or the same design as the official site network.
Below you will see how to differentiate the usage of the DHL brand from scams and the real thing. You will also find tips on what to do or not do to avoid getting scammed. You should also scan your computer if malware is causing such messages to show up on your computer screen.
DHL Scams are prominent in August 2019 as much as in the past. They are phishing types of scams that aim to trick you into clicking on links, download malware, and malicious activities. Such scams are mainly pushed via email, as users are not expecting scams in their letters, even if these are located in the spam folder. One variant features the following text:
Subject : Re: DHL Notification / DHL_AWB_0011179303/ ETD
We attempted to deliver your item at 2:45 PM on Aug 13th, 2019. (Read enclosed file details)
The delivery attempt failed because nobody was present at the shipping address, so this notification has been automatically sent.
If the parcel is not scheduled for re-delivery or picked up within 72 hours, it will be returned to the sender.
Label Number: (Read enclosed file details)
Class: Package Services
Service(s): (Read enclosed file details)
Status: e-Notification sent
Read the enclosed file for details.
You can use folder explorer to open the folder if it doesn’t open by default.
DHL Customer Service.
2021 © DHL International GmbH. All rights reserved.
If you see the DHL Text Message 2019 then know that it is a scam trying to con you, so you should avoid it.
In February 2019 a new global DHL phishing scam was uncovered carrying the Muncy malware. Computer hackers are using a sender email address, which may be mistaken for coming in from DHL themselves — support[at]dhl[dot]com. It uses the subject line of “DHL SHIPMENT NOTIFICATION” in order to raise attention to its contents. it coerces the recipients into opening malicious attachments containing a script that downloads and executes the dangerous virus. This technique can be used with standalone virus files and infected documents, which can be of all popular types — spreadsheets, presentations, databases, and text documents. When they are opened, a prompt will appear, asking the users to enable the built-in macros to view the contents correctly — this will trigger the malicious payload.
The Muncy Trojan will immediately start to scan the infected machine in order to gather personal information that can reveal information both about the victims and their systems. The data can be categorized into two main types:
- Victim Information — This is data that can directly reveal the identity of the users by searching for strings such as a person’s name, address, interests, phone number and even any stored account credentials.
- Machine Identification — Important parameters can be harvested such as installed hardware parts, operating system data and user settings.
Following this, all acquired information will be transferred to the hacker operators via a secure network connection. This Trojan behavior also allows the operators to execute remote code, take over control of the compromised machines, and steal user files.
Older Fake DHL Text Messages
A new wave of DHL scams has been detected that appear as being sent by DHL. The legitimate DHL address is used to target many users at once. The phishing email scam’s goal is to coerce as many victims as possible into clicking on the link in the body contents. This will download an infected document (in most cases a Microsoft Word file), when opened, will request the users to enable the built-in scripts. This will trigger a Trojan infection. The current attack campaign has been configured to deliver the Remcos RAT. In 2019, the Remcos RAT v1.3.7 infections caused numerous infections around the world.
In October 2018, a new wave of DHL scams emerged, possibly being done by another criminal collective. The collected samples associated with it shows that it is not a large-scale attempt. This gives security experts reasons to believe that this may be a test campaign or a small-sized targeted attack. A classic scenario is used by sending email messages that are designed to appear like a legitimate DHL message notification. The following elements are an example of what the messages can include:
- Misleading Names — The hackers behind the phishing campaign can all use similar sounding domain names to the real DHL site, signature or domain name. In some cases the sent messages can include the recipient’s real name, personal details and etc. harvested through information gathering techniques or bought on the hacker underground forums.
- Graphics & Design — The criminals can hijack the graphics, layout and overall design from actual DHL messages. They can confuse the users into thinking that they have received a legitimate notification.
- Required Interaction — Many of the collected samples require the recipients to perform some kind of interaction. This is usually the point where malicious behavior can be observed.
The exact contents of the DHL phishing message is a delivery notification. The body contents read that the users have received a parcel, and they need to download a receipt that is to be given to the courier. A view document is attached, which will lead to malicious behavior. Depending on the individual hacker configuration, there can be several different outcomes.
This can lead to the download of infected malware payloads. In the case of DHL notifications, this is usually a document of any of the popular types: presentations, databases, spreadsheets, or text files. Whenever they are opened, a notification message will be shown, asking the users to enable the built-in scripts. If this is done, a virus infection will follow. In other cases, the virus file can be directly attached and launched.
August, 2018 marks the start for the spread of yet another DHL Phishing scam. The scam consists of a message which is delivered to your e-mail.
You can see it in the below screenshot taken from our Support e-mail Inbox:
The email is around 39 KB in size and its contents are the following:
Dear [recipient’s name is included here]
Your DhI express shipment with waybiII number 813347995 from WKDA it on its way and will require a signature
We got instruction from our client to contact you on the above subject. Below are your Shipping documents/Invoice and copy of DHL receipt for your tracking. Please confirm accordingly if your address is correct, before we submit to our outlet office for dispatch to your regional office.
View Your Shipping Documents/Invoice and Copy of DHL Receipt CLICK HERE:
2018 © DHL International GmbH. All rights reserved.
Office. +1 (800) 321-8807 feel free
Visitingaddress: 180 Park Avenue,
Building 105 , PO Box 950, 07932 Florham Park, NJ
UHS of Delaware, Inc. Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this information is prohibited, and may be punishable by law. If this was sent to you in error, please notify the sender by reply email and destroy all copies of the original message.
© 2018 DHL Express | Customer Service |
As you can see, the scam involves a link labeled “CLICK HERE” as well as a telephone number, which if you dial will probably have a cybercriminal on the other line. Not to mention that if you click the telephone number another number might be dialed.
Do not follow any instructions given in such a message. Make sure you are dealing with an official message from DHL and not a phishing scam.
In late March and the beginning of April 2018, another DHL phishing scam emerged. The scam tries to trick users that if they want to track their package, they need to enter their email address and password. This is how the phishing page looks:
As you can clearly see, the design looks really close to that of the original DHL website but it differs. The brand and logo are clearly cropped with some software and pasted on the page. The landing page feels cheap, but if somebody doesn’t look into these details and is expecting a package, might fall for the scam.
DHL Scams – How to Avoid Them in 2021?
In this section, you will find out how to differentiate between DHL Scams and messages from the official DHL brand, following a simple set of rules and guidelines. So, if you are reading this article, you should now know that there is a multitude of scams involving a DHL shipment or parcel notifications. Below you will see what you should research.
Refer to the following link that is of the official page for DHL Fraud Awareness and Prevention.
New scams and fraud attempts will be listed on those official pages under the country you are using the online services of DHL under the Fraud Awarness program which has a slightly different URL for different countries. For examples, for Serbia, the letters sr would be added at the back of the url, while the main address will remain.
As you now know about the existence of the scams and the official page of DHL Fraud Awareness, refer to the following guidelines on how to avoid most scams related to the shipping brand:
- Never pay before your goods get delivered
- Do not provide any details about you, your addresses or similar information via email or unknown Websites
- Do not open email attachments, as DHL does not send such, neither it requests users to open such
- Always use DHL.com to refer to pages in connection with the service
- Avoid messages with grammatical or typographical errors
- Avoid emails that are not addressed to you by name
- Avoid messages sent by a service you don’t expect to hear from
- Avoid messages that do not include a tracking number or specific details about your order or address
- Avoid clicking on links to provide your email address for verification
- Avoid payments to someone whose identity you can’t confirm
The guideline rules listed above were constructed by the SensorsTechForum team via research done on the matter. These rules are based on common sense and depending on the various scams related to DHL.
Some of these scams related to DHL can be removed by closing the message or browser. In case the scam pages continue to bother you even after that, then you probably have something else on your computer generating them.
How to Get Rid of DHL Scams Completely
All that is required to remove some scams is to ignore the message, never respond to it and delete it. Other scams require a bit of action, such as thoroughly scanning your computer machine with security software to determine whether you have some malware component that is pushing spoofed messages to your computer, browser, or email address.
We highly recommend that all computer users scan their system for active infections and malware using a security program. That could prevent many malicious actions and stop malware from distributing further.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
- Guide 1: How to Remove DHL Phishing Scams from Windows.
- Guide 2: Get rid of DHL Phishing Scams on Mac OS X.
- Guide 3: Remove DHL Phishing Scams in Google Chrome.
- Guide 4: Erase DHL Phishing Scams from Mozilla Firefox.
- Guide 5: Uninstall DHL Phishing Scams from Microsoft Edge.
- Guide 6: Remove DHL Phishing Scams from Safari.
- Guide 7: Eliminate DHL Phishing Scams from Internet Explorer.
- Guide 8: Disable DHL Phishing Scams Push Notifications in Your Browsers.
How to Remove DHL Phishing Scams from Windows.
Step 1: Boot Your PC In Safe Mode to isolate and remove DHL Phishing Scams
Step 2: Uninstall DHL Phishing Scams and related software from Windows
Here is a method in few easy steps that should be able to uninstall most programs. No matter if you are using Windows 10, 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program are left behind, and that can lead to unstable work of your PC, errors with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it.
Step 3: Clean any registries, created by DHL Phishing Scams on your computer.
The usually targeted registries of Windows machines are the following:
You can access them by opening the Windows registry editor and deleting any values, created by DHL Phishing Scams there. This can happen by following the steps underneath:
Get rid of DHL Phishing Scams from Mac OS X.
Step 1: Uninstall DHL Phishing Scams and remove related files and objects
1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:
- Go to Finder.
- In the search bar type the name of the app that you want to remove.
- Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
- If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.
In case you cannot remove DHL Phishing Scams via Step 1 above:
In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:
You can repeat the same procedure with the following other Library directories:
Tip: ~ is there on purpose, because it leads to more LaunchAgents.
Step 2: Scan for and remove DHL Phishing Scams files from your Mac
When you are facing problems on your Mac as a result of unwanted scripts and programs such as DHL Phishing Scams, the recommended way of eliminating the threat is by using an anti-malware program. SpyHunter for Mac offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.
Remove DHL Phishing Scams from Google Chrome.
Step 1: Start Google Chrome and open the drop menu
Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"
Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.
Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.
Erase DHL Phishing Scams from Mozilla Firefox.
Step 1: Start Mozilla Firefox. Open the menu window
Step 2: Select the "Add-ons" icon from the menu.
Step 3: Select the unwanted extension and click "Remove"
Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.
Uninstall DHL Phishing Scams from Microsoft Edge.
Step 1: Start Edge browser.
Step 2: Open the drop menu by clicking on the icon at the top right corner.
Step 3: From the drop menu select "Extensions".
Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.
Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.
Remove DHL Phishing Scams from Safari.
Step 1: Start the Safari app.
Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.
Step 3: From the menu, click on "Preferences".
Step 4: After that, select the 'Extensions' Tab.
Step 5: Click once on the extension you want to remove.
Step 6: Click 'Uninstall'.
A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the DHL Phishing Scams will be removed.
Eliminate DHL Phishing Scams from Internet Explorer.
Step 1: Start Internet Explorer.
Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'
Step 3: In the 'Manage Add-ons' window.
Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.
Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.
Remove Push Notifications caused by DHL Phishing Scams from Your Browsers.
Turn Off Push Notifications from Google Chrome
To disable any Push Notices from Google Chrome browser, please follow the steps below:
Step 1: Go to Settings in Chrome.
Step 2: In Settings, select “Advanced Settings”:
Step 3: Click “Content Settings”:
Step 4: Open “Notifications”:
Step 5: Click the three dots and choose Block, Edit or Remove options:
Remove Push Notifications on Firefox
Step 1: Go to Firefox Options.
Step 2: Go to “Settings”, type “notifications” in the search bar and click "Settings":
Step 3: Click “Remove” on any site you wish notifications gone and click “Save Changes”
Stop Push Notifications on Opera
Step 1: In Opera, press ALT+P to go to Settings
Step 2: In Setting search, type “Content” to go to Content Settings.
Step 3: Open Notifications:
Step 4: Do the same as you did with Google Chrome (explained below):
Eliminate Push Notifications on Safari
Step 1: Open Safari Preferences.
Step 2: Choose the domain from where you like push pop-ups gone and change to "Deny" from "Allow".