Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 151 - April, 2013 (1st Edition) - Page 17

DHL Notification Malware Email

Issue 151 Start Menu

Previous Article            Next Article

Outline
Emails purporting to be from international mail delivery service DHL claim that a parcel has been sent to the recipient or that a parcel could not be delivered due to an addressing error. The messages advise the recipient to open an attached file to view a parcel tracking number and access more information about the delivery or print out a delivery label.

DHL Parcel Delivery Malware

© Depositphotos.com/nmcandre



Brief Analysis
The emails are not from DHL. The attachments contains malware that, once installed, can connect to malicious websites, download additional malware components and steal personal information from the infected computer.

Bookmark and Share

Example
Subject: DHL delivery report

DHL notification

Our company’s courier couldn’t make the delivery of parcel.

REASON: Postal code contains an error.
LOCATION OF YOUR PARCEL: New York
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL: ETBAKPRSU3
FEATURES: No

Label is enclosed to the letter.
Print a label and show it at your post office.

An additional information:

If the parcel isn’t received within 15 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $8.26 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
DHL Global


DHL Malware

Detailed Analysis
These crudely rendered malware messages purport to be from international mail delivery service DHL. One version of the message notifies the recipient that a parcel has been sent to his or her address and is expected to arrive within seven business days. It advises the recipient to open an attached file to retrieve a tracking number for the parcel along with more information about the delivery.


A later version claims that a parcel sent to the recipient could not be delivered due to an apparent addressing error. The message advises the user to open an attached file and print out a postal label to resolve the issue and collect the parcel. It warns that , if the parcel is not collected within 15 days, DHL will start charging a daily fee for storage.

However, the emails are certainly not from DHL and the attachments do not contain delivery information or addressing labels. Instead, the attachments harbour malware. Opening the attachment can install a trojan that can subsequently make connections to malicious websites and download additional malware modules. The malware can collect information from the infected computer and relay it back to Internet criminals.

Many recipients will quickly suspect that the message is not from DHL because of the very poor spelling and grammar. Moreover, DHL is very unlikely to contact customers via an unsolicited, generic email that contains delivery information in an attached file. DHL is regularly targeted by criminals intent on distributing malware. The names of other well-known delivery companies, including UPS and FedEx have also been repeatedly used by malware distributors. Another such malware attack consisted of emails purporting to be from Post Express.

If you receive one of these fake DHL emails, or a similar message claiming to be from another delivery company, do not open any attachments that it contains. Note also that some versions may try to trick recipients into clicking links that lead to compromised websites that also contain malware.

Bookmark and Share

Last updated: March 21, 2013
First published: March 12, 2011
By Brett M. Christensen
About Hoax-Slayer

References
Sloppy spelling scuppers DHL malware spam attack
Not Able to Deliver UPS Package Malware Email
FedEx Incorrect Delivery Address Malware Email
Post Express 'Incorrect Delivery Address' Malware Emails
Spamvertised DHL notifications lead to malware



Previous Article            Next Article

Issue 151 Start Menu

Pages in this issue:
  1. Viral Facebook Message Falsely Claims that a Pictured Man is Posing as an RSPCA Officer and Stealing Dogs
  2. 'Bad Brit' - Nigel Farage and the Tory Party's Worst Nightmare
  3. Digital Pad ATM Skimming Device Warning
  4. UK National Lottery Scams
  5. Gun Owner Vehicle Tagging Hoax
  6. Carol's Story - Dating Scam
  7. Message Calls For Boycott of Starbucks For Its 'Attack on Traditional Marriage'
  8. Ransomware Warning
  9. Use Left Ear For Mobile Phone Hoax
  10. Bogus Warning - White Transit Van 'RH57 WSU' Trying To Steal Dogs
  11. Urban Legend - Couple Arrested at Airport with Dead Baby Stuffed With Drugs
  12. ACH Processing Service Malware Email
  13. Baby With Bong Protest Message
  14. Linda Singh - Blackberry Money for Forwarding Hoax
  15. Hoax - 'Punjab Rape Festival'
  16. Beware - 'Unsealed' Product Giveaways on Facebook
  17. DHL Notification Malware Email
  18. Fake CNN Emails About Pope Point to Malware
  19. Angolan Witch Spider - Giant Spider Hoax
  20. Bogus Health Warning - Scratch Card 'Silver Nitro Oxide' Coating Causes Skin Cancer
  21. March 2013 - Five Fridays, Five Saturdays, Five Sundays
  22. Australian Tax Refund Scam Email
  23. 'Confidential Document' Google Docs Phishing Scam