DHL - YOUR PARCEL HAS BEEN DELIVERED Email Scam

Cybercriminals are sending convincing-looking emails that pretend to be parcel notifications from DHL. At first glance, they mimic legitimate delivery messages, but these are fraudulent phishing attempts designed to steal email login credentials and, through them, other sensitive accounts. These scam messages are not associated with DHL or any legitimate courier, company, or service provider.

HOW THE SCAM WORKS — THE BAIT, THE ATTACHMENTS, THE HARVEST

Attackers send messages with subjects like 'DHL Shipment Notification: Notice of Parcel Arrival for AWB #4014983405' (wording varies). The body claims a parcel has been processed or delivered and points recipients to attachments for shipment details. Two HTML attachments accompany the message — different filenames, but identical content and appearance. The attachments use DHL branding and a message along the lines of 'This document is secure and protected / Email authentication is required. Sign in with your email to view the document.' When a victim enters their email credentials into that page, the data is captured by the phishers. The harvested credentials are then immediately usable to access the victim's mailbox and any other accounts linked to that email.

RED FLAGS & QUICK IDENTIFIERS

• Sender address, unexpected attachments, or a generic greeting despite mentioning parcel details.
• HTML attachments asking you to 'sign in to view' a document instead of a normal PDF or a tracking link from the official DHL domain.
• Urgent wording pressuring you to authenticate or 'verify' immediately.
• Inconsistencies in branding, grammar mistakes, or links that do not resolve to an official DHL domain.

WHY THIS IS DANGEROUS — BEYOND A SINGLE ACCOUNT

A compromised email account is a gateway: attackers can read private messages, reset passwords on other services, impersonate you to contacts, request money, or push malware and malicious links to your address book and social networks. Finance-related accounts that use the same credentials or email for recovery are especially at risk — fraudsters can initiate transactions, make purchases, or request transfers. The scam is also a vector for distributing various malwares (trojans, ransomware, cryptominers) or for running secondary scams (refund, advance-fee, tech support, sextortion, etc.).

IMMEDIATE ACTION STEPS

• Change the password of the exposed email account immediately and enable two-factor authentication (2FA).
• For every service that uses the same email/password, change those passwords and enable 2FA where possible; treat any account linked to that email as potentially compromised.
• Notify official support teams for financial services, marketplaces, or other sensitive platforms where your email is used. Report the phishing email to your email provider and mark it as phishing.
• Scan your devices with up-to-date anti-malware tools and check outbox/sent items for unauthorized messages; inform contacts if suspicious messages may have been sent from your account.

HOW MALWARE & ATTACHMENTS FIT IN THE INFECTION CHAIN

Spam can carry malicious payloads in many formats: HTML attachments (as in these DHL phishes), documents (PDF, Office files, OneNote), archives (ZIP, RAR), executables (.exe), or scripts and JavaScript. Some file types require the user to take a second action to trigger malware — enabling macros in Office files, clicking embedded links, or opening attachments inside OneNote. Once the payload is activated, malware may drop trojans, ransomware, or backdoors that enable persistent access and additional theft.

THE RISKS ARE REAL, THE MITIGATION IS SIMPLE

The 'DHL — YOUR PARCEL HAS BEEN DELIVERED' emails are fraudulent phishing attempts that rely on trusted branding and spoofed attachments to trick people into surrendering credentials. These messages are not affiliated with DHL or any legitimate organization. Falling for them can lead to privacy breaches, identity theft, financial loss, and malware infection, but prompt action (change passwords, enable 2FA, notify support) and cautious habits (don't open suspicious attachments, verify links) dramatically reduce the risk.