Not expecting a package from DHL? Don’t click on that link


Philip Brown smelled a scam.

He wasn’t expecting a DHL package delivery. But a suspicious email in his inbox said otherwise. Specifically, it was an email with the subject line DHL Parcel Arrival Notification REF No:677644359[FS#6562989.

The message contained a link that DHL allegedly wanted him to click. The notification promised him he’d be taken to the DHL website so he could track his package or make alternate arrangements for delivery.

Right.

In fact, the link would have downloaded a virus to his computer.

“I was not expecting any items sent through DHL,” he explains. “So it raised some red flags immediately.”

Brown’s story had a happy ending. Not only did he refuse to click on the fishy link, but he also sent the suspicious message to our advocacy team to investigate. Other computer users haven’t been so lucky.

Turns out the Package Delivery Virus scam has been around since 2009, and has been reproduced to appear as if it was sent from DHL, UPS, FedEx, and the U.S. Postal Service.

Our friends at Snopes.com warn that the messages:

actually harbor malicious executable files (‘ups_invoice.exe’ or the like) and display as a Microsoft Word icon to make it appear like a harmless Word document and thereby lure recipients into clicking on it.

UPS has also posted a warning:

Fraudulent emails adopt many different forms and are the unauthorized actions of third parties not associated with UPS. These email messages referred to as “phishing” or “spoofing” are becoming more common and may appear legitimate by incorporating company brands, colors, or other legal disclaimers.


There have been a number of fraudulent emails reported and new spoofs continue to be introduced. These types of emails point to invalid hyperlinks that are revealed when you hold your cursor over them. The invalid links may contain malware, which could potentially corrupt your computer.

These are not legitimate UPS communications, and should you receive any of these emails, do not follow any links provided or click on any attachments. Instead, simply delete the email. If you’ve accidentally selected a link, you should run a virus scan immediately.

Each of these shipping agents lists a warning on its website about the scam emails.

If you receive an email that indicates there is an issue with a package, go to the company website to verify the problem.

Do not click the email. Instead, open a new window and type in the website address of the company. Then click the option for tracking a package and enter (do not copy and paste) the tracking number from the email.

If the company really is trying to deliver a package to you, it will display the information. If it’s an invalid tracking number, delete the email and empty your trash. Whatever you do, don’t click the link.

One more thing: Always keep your antivirus software up-to-date — just in case.

Editors note: This is one of our most visited columns of 2017. We’re republishing some of our best stories this week.


Michelle Bell

Michelle worked in the travel and hospitality industry for almost two decades. Born in Germany, she has lived in 15 states and two foreign countries, and traveled to more than 35 countries. After living and working in Southeast Asia for several years, she now resides in New Orleans. Read more of Michelle Bell's articles here.

  • AJPeabody

    And how the heck would DHL have your email address?

  • KennyG

    Someone receiving the email, if they thought about it at all, might somewhat logically assume that whatever company is shipping them a package may have provided it to DHL when they shipped it to the recipient. Remember, the success of this virus hoax depends on the lack of suspicion in the first place.

  • Donald Filiault

    Your warning is certainly appreciated, but no matter how absurd the email is, a certain portion of the populace will fall for it. A former coworker of mine lost his life savings of $400,000 to a Nigerian scam several years ago, despite being a very competent Graduate Electrical Engineer.

  • tio2girl

    I get legitimate notifications of package shipments from UPS and other package shipment companies. This scam could strike people who are used to these kind of notifications the easiest.

  • jim6555

    One thing that can help to determine whether a message is legitimate is if your name is used in the greeting, For example, a company that is legitimate will address you as Dear John Smith, Dear Mr. Smith or just John Smith. They know your name because they have your shipping information on file. Scammers generally work off lists of email addresses and don’t know your name.

  • Pegtoo

    I remember receiving a couple vague shipping notifications in December – they did not have specific info about the sender. With a lot of Christmas online orders in process, it wasn’t important for me to take time to track them. Now I’m glad I didn’t react, and will remember to scrutinize before I do.

  • tio2girl

    Yes! Often the notifications come at the request of the sender, but the shipping co doesn’t include the shipper info. It feels sketchy, even when legit. There’s usually a tracking number included in the notification, though. Always safer to copy and paste the tracking number rather than to click on a link, but we all get lax sometimes…especially when a notification seems the norm.

  • Jayne Bailey Holland

    There are people who search lists you might be on, even power bills, etc., and sell those lists to anyone who will pay. They can even get voters lists. More and more now, we are asked for our address PLUS email address. I saw a segment on exactly this thing on 60 minutes last Sunday. I use a different email that I only use for online purchases to try and keep track of this sort of thing. I am buyer for a medium size company and I get shipping emails on a daily basis.

  • Harvey-6-3.5

    Also, look at the email sender (which I can do with a simple right click on the email in Outlook), because most of the time, these junk emails are not sent by an address like DHL.com or UPS.com, but rather like hyobiegr@x2upj6b.com (that is a real email address I blocked). (Though sometimes they spoof my own email address which is just annoying and clearly spam to me, at least, since if I didn’t send it, it can’t be real).

  • sheldan

    I have noticed that when I get an e-mail in my Spam folder I automatically check the e-mail address by moving the mouse over the e-mail. This usually shows me the e-mail address without actually having to open the e-mail. If the e-mail address does not match the company it supposedly claims, I DELETE it immediately. (If, in the case of the subject of this post, the e-mail doesn’t end in “dhl.com” or DHL’s legitimate identifier, it’s definitely spam.) Maybe that would prevent many hoaxes from being perpetrated.

  • joycexyz

    Appealing to greed is a winner, no matter how educated or intelligent the victim may be. That’s why these scams are so successful.

  • joycexyz

    If you’re unsure about an email alert, do not click on the link. Go directly to the website (dhl.com, ups.com, bankofamerica.com…). Or, if it claims to be from your bank or credit card company, pick up the phone.

%d bloggers like this:
Get smart. Sign up for the newsletter.