Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









DHL Notification Malware Email

Outline
Emails purporting to be from international mail delivery service DHL claim that a parcel has been sent to the recipient or that a parcel could not be delivered due to an addressing error. The messages advise the recipient to open an attached file to view a parcel tracking number and access more information about the delivery or print out a delivery label.

DHL Parcel Delivery Malware

Depositphotos.com/nmcandre



Brief Analysis
The emails are not from DHL. The attachments contains malware that, once installed, can connect to malicious websites, download additional malware components and steal personal information from the infected computer.

Bookmark and Share

Example
Subject: DHL delivery report

DHL notification

Our company’s courier couldn’t make the delivery of parcel.

REASON: Postal code contains an error.
LOCATION OF YOUR PARCEL: New York
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL: ETBAKPRSU3
FEATURES: No

Label is enclosed to the letter.
Print a label and show it at your post office.

An additional information:

If the parcel isn’t received within 15 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $8.26 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
DHL Global


DHL Malware

Detailed Analysis
These crudely rendered malware messages purport to be from international mail delivery service DHL. One version of the message notifies the recipient that a parcel has been sent to his or her address and is expected to arrive within seven business days. It advises the recipient to open an attached file to retrieve a tracking number for the parcel along with more information about the delivery.


A later version claims that a parcel sent to the recipient could not be delivered due to an apparent addressing error. The message advises the user to open an attached file and print out a postal label to resolve the issue and collect the parcel. It warns that , if the parcel is not collected within 15 days, DHL will start charging a daily fee for storage.

However, the emails are certainly not from DHL and the attachments do not contain delivery information or addressing labels. Instead, the attachments harbour malware. Opening the attachment can install a trojan that can subsequently make connections to malicious websites and download additional malware modules. The malware can collect information from the infected computer and relay it back to Internet criminals.

Many recipients will quickly suspect that the message is not from DHL because of the very poor spelling and grammar. Moreover, DHL is very unlikely to contact customers via an unsolicited, generic email that contains delivery information in an attached file. DHL is regularly targeted by criminals intent on distributing malware. The names of other well-known delivery companies, including UPS and FedEx have also been repeatedly used by malware distributors. Another such malware attack consisted of emails purporting to be from Post Express.

If you receive one of these fake DHL emails, or a similar message claiming to be from another delivery company, do not open any attachments that it contains. Note also that some versions may try to trick recipients into clicking links that lead to compromised websites that also contain malware.

Bookmark and Share

Last updated: March 21, 2013
First published: March 12, 2011
By Brett M. Christensen
About Hoax-Slayer

References
Sloppy spelling scuppers DHL malware spam attack
Not Able to Deliver UPS Package Malware Email
FedEx Incorrect Delivery Address Malware Email
Post Express 'Incorrect Delivery Address' Malware Emails
Spamvertised DHL notifications lead to malware