Fake DHL shipment delivers malware
Once again, the lure of a shipment being delivered to someone is used to try to trick users into clicking on a link in an email. In this case, a fake DHL email is being used to entice users to click on a link. Unfortunately the only delivery made in this case is malware.
We have reproduced the email in Figure A. It’s pretty straightforward, as phishing emails go. The email informs the user that they have a shipment that is waiting to be delivered. According to the email, the shipment is “scheduled for delivery tomorrow.” The email goes on to advise that a tracking number is required, and provides a link that enables the recipient to obtain a tracking number.
The subject line of the email is “DHL Shipment Notification”, whilst the sender of the email is listed as “DHL Customer Service”. Realistic looking DHL branding is used in the email. The email is addressed as “Dear Customer”.
Looking past the authentic looking logos, the email does have some indications that it is false. Before moving onto these indications, we’ll draw attention to the link contained in the email. The anchor text of the link contains “DHL” and “tracking”. This looks very realistic. However (and this is the first issue) mousing over the text shows a link that is most definitely not a DHL site. The second indication is the wording of the email. The wording of the email is somewhat clumsy.
Note also the implied urgency of the email. The shipment is due for delivery tomorrow. The recipient is provided with a link to a site that will (presumably) facilitate a smooth delivery process.
Whilst this type of email is a moderately convincing phish, home users and small business operators may not necessarily be able to discern the difference between a genuine email and a fake. One of the aims of MailShark News is to ensure all our readers are educated on how to spot fake emails.