Scam of the Week: “Dhl Express” Shipping Scam Spoof



You’ve got mail!…or is this mail out to get you and your private information? Can you detect the warning signs of the shipping company scam currently circulating? According to the KnowBe4 Security Team at, cybercriminals are now taking to shipping-themed phishing attacks. Here’s how they do it:


While opening your email, watch out for shipping notifications that could be fraudulent. One such scheme is sent out from “Dhl Express.” The message claims that you have something waiting for you at your local post office, and goes on to say, “To receive your parcel, Please see and check attached shipping documents.” Attached is an HTML file. If you open the attachment, a web page displays what appears to be a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already entered in the username field. If you enter your password and click “View PDF Document,” then your email address and password will be sent straight to the scammers.


Notice the red flags in this scenario. Always watch for grammatical errors and capitalization. In this case, the sender name should be “DHL” instead of “Dhl.” In the body of the email, the word “Please” is in the middle of the sentence, and should be lowercase. Watch for file types. The email attachment is an .html file, but most authentic documents are shared as PDFs, spreadsheets or Word documents. HTML files are designed to be opened in web browsers, much like a link to a website. Also keep an eye out for anything unusual. An Adobe PDF login window appearing to block a Microsoft Excel file is not at all commonplace.
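For mail administrators, the same red flags can be checked automatically. The following is an added example, not code from KnowBe4 or from the original post: it flags a miscapitalized brand in the sender name, an HTML attachment, a password form inside that attachment, and the recipient's own address pre-filled in it. The function names, the flag labels and the sample addresses (`sender.example`, `corp.example`) are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser

class FormFinder(HTMLParser):
    """Records password fields and pre-filled input values in an HTML document."""
    def __init__(self):
        super().__init__()
        self.has_password, self.values = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.has_password |= (a.get("type") or "").lower() == "password"
            self.values.append((a.get("value") or "").lower())

def red_flags(raw: bytes, brand: str = "DHL") -> list:
    """Return the warning signs found in one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, _ = parseaddr(msg.get("From", ""))
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    flags = []
    # Brand appears in the sender name with the wrong capitalization ("Dhl").
    if any(w.upper() == brand and w != brand for w in display.split()):
        flags.append("brand-miscapitalized")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith((".html", ".htm")):
            continue
        flags.append("html-attachment")
        body = part.get_content()
        if isinstance(body, bytes):  # .html sent with a generic binary content type
            body = body.decode("utf-8", errors="replace")
        finder = FormFinder()
        finder.feed(body)
        if finder.has_password:
            flags.append("password-form")
        if recipient and recipient in finder.values:
            flags.append("recipient-prefilled")
    return flags

def build_sample() -> bytes:
    """Constructed sample modelled on the message described above."""
    m = EmailMessage()
    m["From"] = '"Dhl Express" <notify@sender.example>'
    m["To"] = "alice@corp.example"
    m.set_content("To receive your parcel, Please see and check attached shipping documents.")
    html = '<form><input name="u" value="alice@corp.example"><input type="password" name="p"></form>'
    m.add_attachment(html, subtype="html", filename="shipping.html")
    return m.as_bytes()
```

Calling `red_flags(build_sample())` returns all four flags; a message with a correctly capitalized sender name and no HTML attachment returns an empty list.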