In the middle of the week of Black Friday and just before Christmas, it is normal to have bought something online and be waiting for it. And among parcel services and delivery agencies, DHL is one of the most common, and precisely the victim of a new phishing campaign that seeks to impersonate its image via email.
The fake DHL mail
According to the INCIBE alert, the campaign uses an email with the subject “Your package has arrived at the post office.” In the body of the email, the message informs that a payment needs to be made in order to receive the package. A payment of 1.99 euros exactly for “to be able to finalize the delivery ”.
If you receive the email, open it and decide to pay, By clicking on the “PAYMENT” button, you will be taken to a fraudulent page impersonating DHL where they request the data to process the payment. Once the credit card details have been entered, “These will be available to cybercriminals.” And the bad thing is not that they keep your personal data, but that will also have the financiers, what’s worse.
INCIBE general guidelines to avoid being a victim of this type of fraud:
- Do not open emails from unknown or unsolicited users; they must be eliminated directly.
- Pay attention to the content of the email. If it comes from a legitimate entity, it will never contain links to your login page or attachments.
- Do not reply in any case to these emails.
- Be careful when following links or downloading attachments in emails, SMS, messages on WhatsApp or social networks, even if they are from known contacts.
- Always keep the operating system and antivirus updated. In the case of antivirus, check that it is active.
- Make sure your employees’ user accounts use strong passwords and no administrator permissions.