The Internet Patrol was recently tipped off to a fake DHL notice that is making the rounds. The fake DHL notification is relatively easy to detect IF you do not have the use of ‘friendly name’ enabled, and instead see the actual ‘from’ email address, which is admin@vedadas.tk, or some version thereof. (The .tk domain is Tokelau, a territory of New Zealand.)
(For more information on why it’s a bad idea to use a ‘friendly name’, and how it can lead to being scammed, see WARNING: Having Email Display Sender’s Contact Image and Info Helps Scammers Get in Through the Cracks.)
In the body of the email there is the link on which you are supposed to click, which link is (DON’T click on this link!):
“http://wwwapps.dhl.com/WebTracking/Shipping-Docs/invoices/download.aspx?package_id125548”
Now, here is the really interesting, tricky bit: That is, technically, a real DHL link (it goes to dhl.com). However, it forwards to com.com, which looks like this:
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Com.com website
So basically the bad guys have, somehow, managed to insert a redirect from DHL’s website to com.com. Note the wwwapps subdomain, which almost certainly is not a subdomain that DHL themselves (intentionally) set up. Now, the baddies could have done it by gaining access to DHL’s master DNS and adding the wwwapps subdomain, redirecting it to com.com, or by another form of DNS poisoning.
Whether this is a play to get traffic to com.com in hopes that people will click on those links, or whether it’s going to download malicious software (malware) to your computer when you get to com.com we don’t yet know. But either way, stay very far away.
Bottom line: if you receive the below email, or one like it, don’t even bother opening it, and if you do open it, do *not* click on that link!
Text of Spam DHL Notification Scam Email
From: DHL Express
To: Recipients
Subject: Shipping Notification: Delivery Confirmation
Français | English
On Demand Delivery
Dear Customer,
This is an automated message by our system to let you know that your package has been delivered to your local DHL office.
Problems with delivery: Our delivery courier couldn’t make the delivery of parcel due to a wrong shipping address on file and we are unable to reach you over the phone.
Enclosed are the shipping documents, Invoice with Bill of lading. You are hereby require to download print the invoice and show it at your postal office.
NOTE: If the parcel isn’t delivered within 3 working days, DHL Express have the right to claim compensation of 30 USD each day for keeping package according to the new DHL Shipping Policy for April 2019.
The Shipping invoice/Bill of lading/Shipping Documents/ can be downloaded in documents format as attached:
apps.dhl[dot]com/WebTracking/Shipping-Docs/invoices/download.aspx?package_id125548
An additional information
REASON: Shipping address contains an error and didn’t match with your address.
DELIVERY STATUS: Sort order
SERVICE: Priority
NUMBER OF YOUR PARCEL: 3
Content of Parcel: Invoice, Bill of lading, Awb & Shipping Documents
Service Priority
Documents: 3
Description: Documents
Please endeavor to be as accurate as possible to reduce time of clearance and recipient confirmation.
NOTE: IF YOU FOUND THIS MESSAGE IN YOUR SPAM FOLDER KINDLY NOTE IT WAS DUE TO YOUR ANTI SPAM SETTINGS IN YOUR EMAIL AND MOVE TO INBOX
Thank you for using our service, we will be happy to serve you.
We would like to thank you for using the services of DHL Express.
Deutsche Post DHL Group
GO GREEN - Environmental protection With DHL
Please Consider your environmental responsibility before printing esta email.
Thank you for using On Demand Delivery.
DHL Express – Excellence. Simply delivered.
Deutsche Post DHL Group
DHL Express | Contact DHL | Privacy Policy | Unsubscribe
2018 © DHL International GmbH. All rights reserved.
Shipping Notification: Delivery Confirmation
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
