Not expecting a package from DHL? Don’t click on that link

Philip Brown smelled a scam.

He wasn’t expecting a DHL package delivery. But a suspicious email in his inbox said otherwise. Specifically, it was an email with the subject line DHL Parcel Arrival Notification REF No:677644359[FS#6562989.

The message contained a link that DHL allegedly wanted him to click. The notification promised him he’d be taken to the DHL website so he could track his package or make alternate arrangements for delivery. Read more “Not expecting a package from DHL? Don’t click on that link”

Condor found my missing phone, but won’t ship it back to me

Susan Weedall accidentally left her phone at the gate in the Frankfurt airport. Fortunately, airport security found it and paged her. Happy ending right? Sadly, no. Read more “Condor found my missing phone, but won’t ship it back to me”

Warning! The DHL Parcel Arrival Notification scam is back

Philip Brown smelled a scam.

He wasn’t expecting a package delivery. But a suspicious email in his inbox said otherwise. Specifically, it was an email with the subject line DHL Parcel Arrival Notification REF No:677644359[FS#6562989.

The message contained a link that DHL allegedly wanted him to click. The notification promised him he’d be taken to the DHL website so he could track his package or make alternate arrangements for delivery.

Right.

In fact, the link would have downloaded a virus to his computer.

“I was not expecting any items sent through DHL,” he explains. “So it raised some red flags immediately.”

Brown’s story had a happy ending. Not only did he refuse to click on the fishy link, but he also sent the suspicious message to our advocacy team to investigate. Other computer users haven’t been so lucky.

Turns out the Package Delivery Virus scam has been around since 2009, and has been reproduced to appear as if it was sent from DHL, UPS, FedEx, and the U.S. Postal Service.

Our friends at Snopes.com warn that the messages:

actually harbor malicious executable files (‘ups_invoice.exe’ or the like) and display as a Microsoft Word icon to make it appear like a harmless Word document and thereby lure recipients into clicking on it.

UPS has also posted a warning:

Fraudulent emails adopt many different forms and are the unauthorized actions of third parties not associated with UPS. These email messages referred to as “phishing” or “spoofing” are becoming more common and may appear legitimate by incorporating company brands, colors, or other legal disclaimers.

There have been a number of fraudulent emails reported and new spoofs continue to be introduced. These types of emails point to invalid hyperlinks that are revealed when you hold your cursor over them. The invalid links may contain malware, which could potentially corrupt your computer.

These are not legitimate UPS communications, and should you receive any of these emails, do not follow any links provided or click on any attachments. Instead, simply delete the email. If you’ve accidentally selected a link, you should run a virus scan immediately.

Each of these shipping agents lists a warning on its website about the scam emails.

If you receive an email that indicates there is an issue with a package, go to the company website to verify the problem.

Do not click the email. Instead, open a new window and type in the website address of the company. Then click the option for tracking a package and enter (do not copy and paste) the tracking number from the email.

If the company really is trying to deliver a package to you, it will display the information. If it’s an invalid tracking number, delete the email and empty your trash. Whatever you do, don’t click the link.

One more thing: Always keep your antivirus software up-to-date — just in case.