Fake DHL shipment delivers malware

Once again, the lure of a pending shipment is being used to trick users into clicking on a link in an email. In this case, the email poses as a DHL notification. Unfortunately, the only delivery made in this case is malware.

We have reproduced the email in Figure A. It’s pretty straightforward, as phishing emails go. The email informs the user that they have a shipment that is waiting to be delivered. According to the email, the shipment is “scheduled for delivery tomorrow.” The email goes on to advise that a tracking number is required, and provides a link that enables the recipient to obtain a tracking number.

Figure A – Fake DHL shipment notification email

The subject line of the email is “DHL Shipment Notification”, whilst the sender of the email is listed as “DHL Customer Service”. Realistic-looking DHL branding is used in the email. The email is addressed as “Dear Customer”.

Looking past the authentic-looking logos, the email does have some indications that it is false. Before moving on to these indications, we’ll draw attention to the link contained in the email. The anchor text of the link contains “DHL” and “tracking”, which looks very realistic. However (and this is the first indication), mousing over the text shows a link that is most definitely not a DHL site. The second indication is the wording of the email, which is somewhat clumsy.
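The first indication above, link text that names DHL while the link target is not a DHL host, can be checked automatically, and the same test applies to a sender display name such as “DHL Customer Service”. The following Python is an added example, not MailShark's code; the trusted-domain list, the sample message and the names `host_trusted`, `LinkCollector` and `check_message` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
BRAND = "dhl"
TRUSTED = ("dhl.com",)  # assumption: your allow-list of genuine brand domains
# Constructed sample message (sender address and link host are made up).
SAMPLE = (
    'From: "DHL Customer Service" <notify@mailer.example>\n'
    "Subject: DHL Shipment Notification\nContent-Type: text/html\n\n"
    '<p><a href="http://tracking.example.net/get">DHL tracking number</a></p>\n'
    '<p><a href="https://www.dhl.com/">DHL home</a></p>\n'
)
def host_trusted(host):
    # Exact match or true subdomain only, so "dhl.com.other.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    """Return findings where the brand is named but the host is not the brand's."""
    msg, parser, findings = message_from_string(raw), LinkCollector(), []
    name, addr = parseaddr(msg.get("From", ""))
    if BRAND in name.lower() and not host_trusted(addr.rpartition("@")[2]):
        findings.append(("sender", name, addr))
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    for href, text in parser.links:
        host = urlsplit(href).hostname
        if BRAND in text.lower() and not host_trusted(host):
            findings.append(("link", text, host))
    return findings
```

Calling `check_message(SAMPLE)` reports the sender and the first link and leaves the link that really points at `www.dhl.com` alone.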

Note also the implied urgency of the email. The shipment is due for delivery tomorrow. The recipient is provided with a link to a site that will (presumably) facilitate a smooth delivery process.

Whilst this type of email is a moderately convincing phish, home users and small business operators may not necessarily be able to discern the difference between a genuine email and a fake. One of the aims of MailShark News is to ensure all our readers are educated on how to spot fake emails.

Scott Reeves

4 Comments

  1. I received a DHL notification (on our iPad) that included a tracking number. I was wondering what we ordered and clicked the number, which opened a file. No idea what it did but it did not show. Then I became concerned and suspected it was a phishing mail. Clicked on the DHL sender mail: it showed “andreas@hocke.de”
    Search for hocke.de only showed I had no access to that server.
    Any thoughts about the security of our iPad?

    1. From what we have seen thus far, iOS is immune to this type of infection, provided the iPad/iPhone is not jailbroken at the time.

  2. So stupid, I just clicked on the link of one of these fake DHL emails. What have they done now and how do I reverse any damage done?

