Beware of DHL’s Email Delivery – it could be a package scam – Naked Security
Another day of lockdown…
…another scam to report delivery of the package.
Here’s another reminder to think before you click, even if it takes a few seconds a day to see what you’re asked to do in an offensive email.
I think you will easily find that this is fake – we will explain why in this article – but we also understand very well why it seems quite innocent to click the mouse.
Many of the scams we’ve talked about are meant to get you to take action, to make you click, or a little bit of both.
For example, delivery fraud often provokes you by telling you what the tough item is on the way, like a mobile phone someone sends you as a gift.
At the same time, they put pressure on you to act quickly and warn you that delivery will be delayed or even cancelled if you do not pay the required fee to remove the item from the warehouse.
In order not to appear greedy and not to give the impression that they are not crooks, the amount to be paid is often very modest, for example $1, which is not the money that crooks would demand if they had money with them.
They won’t charge you – in fact, they won’t charge you at all because they want your personal information instead.
This time, the crooks follow a much more relaxed formula that says nothing more than Hey, here’s how to track your delivery, that’s kind of message you can reasonably expect when you order something or when someone orders something for you:
Notification of an incoming parcel!
This is to inform you that your e-mail contains a recorded [DISPLAY] message. Follow the URL below to track your shipment
And that’s all there is in an e-mail.
Therefore, an exclamation mark after the word notification is unlikely to be present in the original message – it is still a message, not a warning or warning.
More importantly, when you hover your mouse over a link, you don’t see the name of a website you’ve never heard of (this scam happens to use a compromised web server owned by a construction company in Bahrain).
If you click your mouse to see what’s going on, you’ll see a simple web page like this:
No matter how inexplicable and insincere the page itself may seem, the address bar is a happy sign that it is a scam.
The URL (which we have hidden here) wasn’t on any visible or audible domain name, so it was totally different for any website you would expect from a DHL server.
There is also no padlock because the URL is started with http:// (unsecured) and not https:// (encrypted session).
Ironically, although the web service used by the company from which the site was hacked supports HTTPS and the site has a valid HTTPS certificate, the scammers have ignored the benefits of an encrypted connection.
As we said, an HTTPS certificate does not mean you can trust the website and its content, only that your connection is not easily traceable.
However, the lack of HTTPS certificates on legitimate websites today is so unusual that it should be seen as an immediate warning that not everything is so good.
Of course, if you haven’t noticed the alerts and haven’t entered your password, the information will not be passed on to DHL, but directly to the fraudsters, who are likely to verify your password not only in your real DHL account, but also in any other account they think you have. (Therefore, never use the same password on more than one website).
What should I do?
- Don’t be fooled by the fact that you’re waiting for a delivery. Scammers don’t need to know you’re waiting for delivery to find the right time. Especially during a coronavirus pandemic, they can simply assume that this is the case, and for many people they will be right for a long time to come.
- Consider delivery messages as notifications only and ignore links. It’s a bit more complicated, but avoid clicking on the links in these messages. If you order products online, please pay attention to the website you want to use to track your products and go there yourself in case of delivery problems.
- Check the URL in the address bar. Today, most cybercriminals use HTTPS sites because everyone expects to see a padlock in the address bar. However, the padlock does not indicate that you are on the correct page, only that you are on a page with an HTTPS certificate. Remember to go to your laptop and check the link from there. This takes extra effort because the address bar is larger and tells more.
- Use third party products to ensure the safety of your phone. Sophos Intercept X for mobile adds built-in protection to your phone by keeping you away from risky websites.
- Immediately change the passwords you enter on websites that you later discover to be fake. The sooner you change the current password, the less time the scammers have to try to use it. If you come to a payment page where you enter the details of the payment card and then discover that fraud has been committed, call your bank fraud hotline immediately. (Look on the back of your card to find the correct phone number).
Newest Podcast Bare Security