Emails purporting to be from international mail delivery service DHL claim that a parcel has been sent to the recipient or that a parcel could not be delivered due to an addressing error. The messages advise the recipient to open an attached file to view a parcel tracking number and access more information about the delivery or print out a delivery label.
The emails are not from DHL. The attachments contain malware that, once installed, can connect to malicious websites, download additional malware components and steal personal information from the infected computer.
Subject: DHL delivery report
Our company’s courier couldn’t make the delivery of parcel.
REASON: Postal code contains an error.
LOCATION OF YOUR PARCEL: New York
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL: ETBAKPRSU3
Label is enclosed to the letter.
Print a label and show it at your post office.
An additional information:
If the parcel isn’t received within 15 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $8.26 for each day of keeping of it.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
Thank you for using our services.
These crudely rendered malware messages purport to be from international mail delivery service DHL. One version of the message notifies the recipient that a parcel has been sent to his or her address and is expected to arrive within seven business days. It advises the recipient to open an attached file to retrieve a tracking number for the parcel along with more information about the delivery.
A later version claims that a parcel sent to the recipient could not be delivered due to an apparent addressing error. The message advises the user to open an attached file and print out a postal label to resolve the issue and collect the parcel. It warns that, if the parcel is not collected within 15 days, DHL will start charging a daily fee for storage.
However, the emails are certainly not from DHL and the attachments do not contain delivery information or address labels. Instead, the attachments harbour malware. Opening the attachment can install a trojan that can subsequently make connections to malicious websites and download additional malware modules. The malware can collect information from the infected computer and relay it back to Internet criminals.
Many recipients will quickly suspect that the message is not from DHL because of the very poor spelling and grammar. Moreover, DHL is very unlikely to contact customers via an unsolicited, generic email that contains delivery information in an attached file. DHL is regularly targeted by criminals intent on distributing malware. The names of other well-known delivery companies, including UPS and FedEx have also been repeatedly used by malware distributors.
Another such malware attack consisted of emails purporting to be from Post Express.
If you receive one of these fake DHL emails, or a similar message claiming to be from another delivery company, do not open any attachments that it contains. Note also that some versions may try to trick recipients into clicking links that lead to compromised websites that also contain malware.