Warning! The DHL Parcel Arrival Notification scam is back

Don't click on an email giving you a parcel arrival notification. It's a scam. Here's why.

Philip Brown smelled a scam. He wasn’t expecting a package delivery. But a suspicious email in his inbox said otherwise. Specifically, it was an email with the subject line DHL Parcel Arrival Notification REF No:677644359[FS#6562989.

The message contained a link that DHL allegedly wanted him to click. The notification promised him he’d be taken to the DHL website so he could track his package or make alternate arrangements for delivery.

Elliott Advocacy is underwritten by Generali Global Assistance. Generali Global Assistance has been a leading provider of travel insurance and other assistance services for more than 25 years. We offer a full suite of innovative, vertically integrated travel insurance and emergency services. Generali Global Assistance is part of The Europ Assistance (EA) Group, who pioneered the travel assistance industry in 1963 and continues to be the leader in providing real-time assistance anywhere in the world, delivering on our motto – You Live, We Care.

Right.

In fact, the link would have downloaded a virus to his computer.

“I was not expecting any items sent through DHL,” Brown explained to the Elliott Advocacy team. “So it raised some red flags immediately.”

Brown’s story had a happy ending. Not only did he refuse to click on the fishy link, but he also sent the suspicious message to our advocacy team to investigate. Other computer users haven’t been so lucky.

Turns out the Package Delivery Virus scam has been around since 2009, and has been reproduced to appear as if it was sent from DHL, UPS, FedEx, and the U.S. Postal Service.

Our friends at Snopes.com warn that the messages:

actually harbor malicious executable files (‘ups_invoice.exe’ or the like) and display as a Microsoft Word icon to make it appear like a harmless Word document and thereby lure recipients into clicking on it.

Parcel arrival notification scam warning

UPS also posted a warning (which has since been taken down):

Fraudulent emails adopt many different forms and are the unauthorized actions of third parties not associated with UPS. These email messages referred to as “phishing” or “spoofing” are becoming more common and may appear legitimate by incorporating company brands, colors, or other legal disclaimers.

There have been a number of fraudulent emails reported and new spoofs continue to be introduced. These types of emails point to invalid hyperlinks that are revealed when you hold your cursor over them. The invalid links may contain malware, which could potentially corrupt your computer.

These are not legitimate UPS communications, and should you receive any of these emails, do not follow any links provided or click on any attachments. Instead, simply delete the email. If you’ve accidentally selected a link, you should run a virus scan immediately.

These shipping agents list warnings on their websites about the scam emails.

If you receive an email that indicates there is an issue with a package, go to the company website to verify the problem.

Do not click on that email

Do not click the email. Instead, open a new window and type in the website address of the company. Then click the option for tracking a package and enter (do not copy and paste) the tracking number from the email.

If the company really is trying to deliver a package to you, it will display the information. If it’s an invalid tracking number, delete the email and empty your trash. Whatever you do, don’t click the link.

One more thing: Always keep your antivirus software up-to-date — just in case.

About the Author
Michelle worked in the travel and hospitality industry for almost two decades. Born in Germany, she has lived in 15 states and two foreign countries, and traveled to more than 35 countries. After living and working in Southeast Asia for several years, she now resides in New Orleans. Read more of Michelle Bell's articles here.
Posted in Commentary Tagged , ,
%d bloggers like this: