Warning! The DHL Parcel Arrival Notification scam is back

Don't click on an email giving you a parcel arrival notification. It's a scam. Here's why.

Philip Brown smelled a scam. He wasn’t expecting a package delivery. But a suspicious email in his inbox said otherwise. Specifically, it was an email with the subject line DHL Parcel Arrival Notification REF No:677644359[FS#6562989.

The message contained a link that DHL allegedly wanted him to click. The notification promised him he’d be taken to the DHL website so he could track his package or make alternate arrangements for delivery.

Elliott Advocacy is underwritten by Insuremyrentalcar.com. An independent provider of low cost CDW/LDW insurance for use with rental cars. Up to $100,000 cover with no deductible. Policies available on a per day, per trip or per year basis. Also works with overseas rentals. Try  Insuremyrentalcar.comnow.


In fact, the link would have downloaded a virus to his computer.

“I was not expecting any items sent through DHL,” Brown explained to the Elliott Advocacy team. “So it raised some red flags immediately.”

Brown’s story had a happy ending. Not only did he refuse to click on the fishy link, but he also sent the suspicious message to our advocacy team to investigate. Other computer users haven’t been so lucky.

Turns out the Package Delivery Virus scam has been around since 2009, and has been reproduced to appear as if it was sent from DHL, UPS, FedEx, and the U.S. Postal Service.

Our friends at Snopes.com warn that the messages:

actually harbor malicious executable files (‘ups_invoice.exe’ or the like) and display as a Microsoft Word icon to make it appear like a harmless Word document and thereby lure recipients into clicking on it.

Parcel arrival notification scam warning

UPS also posted a warning (which has since been taken down):

Fraudulent emails adopt many different forms and are the unauthorized actions of third parties not associated with UPS. These email messages referred to as “phishing” or “spoofing” are becoming more common and may appear legitimate by incorporating company brands, colors, or other legal disclaimers.

There have been a number of fraudulent emails reported and new spoofs continue to be introduced. These types of emails point to invalid hyperlinks that are revealed when you hold your cursor over them. The invalid links may contain malware, which could potentially corrupt your computer.

These are not legitimate UPS communications, and should you receive any of these emails, do not follow any links provided or click on any attachments. Instead, simply delete the email. If you’ve accidentally selected a link, you should run a virus scan immediately.

These shipping agents list warnings on their websites about the scam emails.

If you receive an email that indicates there is an issue with a package, go to the company website to verify the problem.

Do not click on that email

Do not click the email. Instead, open a new window and type in the website address of the company. Then click the option for tracking a package and enter (do not copy and paste) the tracking number from the email.

If the company really is trying to deliver a package to you, it will display the information. If it’s an invalid tracking number, delete the email and empty your trash. Whatever you do, don’t click the link.

One more thing: Always keep your antivirus software up-to-date — just in case.

About the Author
Michelle worked in the travel and hospitality industry for almost two decades. Born in Germany, she has lived in 15 states and two foreign countries, and traveled to more than 35 countries. After living and working in Southeast Asia for several years, she now resides in New Orleans. Read more of Michelle Bell's articles here.
Posted in Commentary Tagged , ,

16 thoughts on “Warning! The DHL Parcel Arrival Notification scam is back

  1. A few times each month I get similar e-mails about “Invoices” or “Purchase Orders” or “Requests to Quote” and similar. Receiving these gives me the chance to exercise my Delete key. Similarly, messages from “Olga” wanting to be my friend.

  2. I got an email yesterday with a “zipped” and password protected attachment disguised as a bill with my last name on it. It was on my cable company email account which is seldom used. The fake return address stating makotek.net – note that it was a fake return address, not from them. However, looking up makotek, they specialize in cable company collections. Yet another effort by the scammer to make it look legitimate. The email was sent from a server in Russia. My point is that these guys are getting smarter. On my main email, I actually have Russia on my list of blocked countries for email.

  3. Emails like this look more and more official but still are a long way from resembling the real thing. Furthermore, if somebody *sent* me a package through DHL, why would DHL have my address anyway… seems like they would only have the sender’s email to me.

  4. The package delivery phish doesn’t just infect you with a plain old virus, but with ransomware, the worst mind. The most common victim of a delivery phish is a small to medium business, where the person opening the message has no idea whether or not a package is actually expected. Unlike “Make your mortgage larger, guys!” this message looks businesslike and legitimate.

    1. The fault in those cases is IT giving their employees, especially their line employees admin privileges on a shared server.

  5. My company used this as a phishing test. They sent it to the entire staff to see who would click on it even after years of warnings not to click in unknown emails.

  6. Anti-virus wont really help most users. Not to say don’t use it, but the reality is once definitions are developed, then the scammers create a new method.

    Never follow links given to you when accessing commerce sites. Google the main site or if you know it go there directly. If correspondence doesn’t include file, tracking, or other type of identification number then it’s a scam.

  7. Okay. I may be able to understand what the sender may want to accomplish with “ransom ware”, but what in the devil does anyone get by sending plain vanilla malware? Are they so pathetic they just want to cause scattered harm to unknown recipients? Wow.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: