Beware fake DHL text message scams
Scammers are sending out scam text messages that appear to come from courier company DHL asking users to click a link about a pending delivery. However these links are leading to phishing websites or in many cases, malware.
We’ve seen a sharp rise in courier themed text and email scams, and many of these scams are using the same “tried & tested” social engineering tricks to lure recipients into compromising their own security.
For example, the below scam DHL text message offers to track a parcel.
DHL: Your parcel is arriving, track here: LINK REMOVED
Victims have also reported receiving a scam DHL text message asking for payment, such as shipping fees or custom fees, like below.
Dear Joe Your DHL delivery has been stopped at our depot. Trk# CS279003594DE. Please resolve the issue here:
These are scams designed to trick recipients into either downloading harmful files or visiting spoof websites that will ask a recipient for personal and financial information which are then transmitted to cyber crooks.
In the case of text messages offering to allow the recipient track a parcel, this leads to a fake tracking app that is actually spyware capable of logging and stealing sensitive information from a device. These messages have been used to infect devices with the FluBot malware. More information on that here.
Some of these scam text messages may even include the recipient’s name, most likely because of previous data leaks and data scraping incidents where names and corresponding phone numbers have been leaked online (point in case the recent Facebook data scraping incident.)
If the links don’t lead to malware, they will lead to a website that appears to be the DHL website asking users for personal information, and most likely claiming they also need to input their payment details to cover shipping costs. This information is sent to crooks, leading to identity fraud.
Sponsored Content. Continued below...
To avoid these scams, always avoid clicking on links or downloading files from unexpected emails or text messages. The majority of courier companies, if you do miss a delivery, will leave a “missed delivery” note at the premises.
You can contact the courier service using the contact information on their official website to speak to them to see if the missed delivery note is genuine and to reschedule a delivery if necessary.
And importantly, have good security software on your mobile device capable of preventing phishing scams. Our recommendation for mobile security software is here.