DHL Express Phishing Email Example
100% PHISHING EMAIL
DHL EXPRESS: UNABLE TO LOCATE YOU EMAIL PHISHING SCAM
The above email appears to be sent from the DHL Team (It is signed at the bottom as such). But is it? We look into the email, to determine if it's a phishing email. Of course, the answer is YES! But how did we arrive at that conclusion? If you haven't read our article on how to spot a fake email (phishing, scam, con, and such) read the article below as we will use it to analyze the DHL email above.
Once you receive an email that you did not expect, approach the email with caution. Do not click links or download attachments without further verifying the source of the email and its legitimacy.
Any organization that has your information will never address you in a general term such as Dear Sir, Dear Madam, Dear Sir/Madam, or just start the email with Hi, Hello, or Hi there. Businesses, Companies, and other organizations take pride in personalizing communications by using your personal information such as your name to help you identify with the message. For instance, your bank will always address you by your name, and so does your doctor, school, and your employment organization or company.
By reading through an email, you should have as much information as possible without the requirement of clicking a link or downloading an attachment.
Other missing information is contact information. Companies often include a customer service number in an email, especially, a no-reply email in case the email's recipient needs to contact the company without replying to the email. In this case, the email is a no-reply as indicated in the red banner at the bottom, but no contact information is included. This is a red flag.
DHL's portal is found on their official website https://www.dhl.com/us-en/home.html. Therefore all their official communications should bear the domain name, dhl.com, such as tracking@dhl.com, and not random characters with a domain attached. I believe that the domain gives us the final proof that the email was sent with malicious intent.
So what is the domain used in the DHL Express phishing email? The domain kayseri.edu.tr is a legitimate public university located in Kayseri, Turkey. Therefore, the email MIGHT be of a person with access and privileges to create a university email such as a student or staff.
What is Email Phishing? How to Spot a Phishing Email.
Read on email phishing definition and phishing email examples. How is phishing email attack done? Learn how to spot a phishing email and how to protect yourself from email phishing.
Analysis of the DHL Express Phishing Email
INDICATOR 1 - I DID NOT EXPECT A DHL EMAIL
Although you might have used DHL logistics services before, you might not be expecting a shipment. This email was sent to my company email. However, I did not expect a shipment via DHL Express. Therefore, from the onset, I suspected this to be a phishing email.Once you receive an email that you did not expect, approach the email with caution. Do not click links or download attachments without further verifying the source of the email and its legitimacy.
INDICATOR 2 - GENERALIZED GREETINGS
Being a client of their logistics services DHL should have your information including name, telephone number, address, and such on their systems. After all, who are they delivering the package to? In this email, I, as the client, am addressed as 'Dear Receiver'. Well, this shows that whoever is writing this email does not have my information other than my company's email address - not any individual in the company or the company name itself. Therefore, there is a high likelihood they do not have any package addressed to me or the company and hence is a scam.Any organization that has your information will never address you in a general term such as Dear Sir, Dear Madam, Dear Sir/Madam, or just start the email with Hi, Hello, or Hi there. Businesses, Companies, and other organizations take pride in personalizing communications by using your personal information such as your name to help you identify with the message. For instance, your bank will always address you by your name, and so does your doctor, school, and your employment organization or company.
INDICATOR 3 - MISSING DETAILS FROM MESSAGE BODY
Although the email is about a shipment, there is nothing to its reference other than 'shipping documents' and 'shipper'. At least a logistics company, DHL in this case, should have a shipping tracking number, which I can use to track the package on their official portal. However, the email is insistent on clicking the attachment to view the tracking details, including the tracking number, which is suspicious.By reading through an email, you should have as much information as possible without the requirement of clicking a link or downloading an attachment.
Other missing information is contact information. Companies often include a customer service number in an email, especially, a no-reply email in case the email's recipient needs to contact the company without replying to the email. In this case, the email is a no-reply as indicated in the red banner at the bottom, but no contact information is included. This is a red flag.
INDICATOR 4 - SENDER INFORMATION
Since all indicators show that this email is a scam, we need to go a little deep to ascertain this indication. This process is rather simple as it requires us to analyze the email's sender information. On the email's header information, the sender (also known as return-path) is 3011210225@kayseri.edu.tr. Well this is a problem!DHL's portal is found on their official website https://www.dhl.com/us-en/home.html. Therefore all their official communications should bear the domain name, dhl.com, such as tracking@dhl.com, and not random characters with a domain attached. I believe that the domain gives us the final proof that the email was sent with malicious intent.
So what is the domain used in the DHL Express phishing email? The domain kayseri.edu.tr is a legitimate public university located in Kayseri, Turkey. Therefore, the email MIGHT be of a person with access and privileges to create a university email such as a student or staff.
The Verdict
The email is a 100% scam. The email is generalized and missing key components of a legitimate email from a logistics company. The senders, along with crafting a somewhat 'blank' email lack the sophistication of a skilled malicious actor based on the fact that the email address used is a total giveaway that this is a phishing email. The email is sprinkled with breadcrumbs easy to see; therefore it is important to pay close attention to emails that want you to click a link, download an attachment, make a phone call, or fill out a form. Since the DHL Express email above is a phishing email, the only solution is to delete it and not even attempt to open the attachment.Frequently Asked Questions on Phishing Emails
Can I safely open links on a phishing email?
You cannot and shouldn't attempt it. This can be equated to thinking about opening a box shaped like a bomb and you can hear the ticking, and all other indicators point to a bomb. But because of the ticking, you are convinced that it might be a clock. Phishing email links and attachments can have many triggers that include clicking a link. Once you click a link, malicious applications can be stealthily downloaded to your device which infects your mobile or PC with malware. The link can also redirect you to an illegal website that runs adware or is designed to download pieces of illegal applications to your devices. When you come across a phishing email, delete it.