DHL phishing during the peak online shopping season
With "Cyber Week", online retail kicks off the year-end sprint. Online fraudsters aim to lure victims with alleged additional payments.
(Image: heise medien)
"Hello, your shipment could not be processed because the maximum permissible weight was exceeded" – this is how a deceptively authentic phishing email begins, which is currently landing in the inboxes of many internet users. Cybercriminals are capitalizing on the fact that many recipients are likely to be expecting a parcel at the moment.
The phishing emails appear inconspicuous on the surface and closely resemble genuine DHL shipment tracking emails. However, genuine emails usually include a personal salutation, as DHL naturally has recipient data such as names. Also unusual is the link for supposed shipment tracking, which instead of leading to "https://nolp.dhl.de/" points to the URL shortener https://shorten[.]so/.
Phishing form
The fake shipment tracking website is hosted on the domain "https://www.dhl-sendungsstatus[.]de/". This is also deceptively crafted. However, attentive visitors will notice that the stated date of 11/22/2025 was a Saturday, not a Wednesday. Clicking on the "Pay additional fees" link leads to an official-looking form. However, this only appears in a browser for smartphones or tablets; on desktop web browsers, the form page displays an HTTP 404 error – Page not found.
There, potential victims are asked to provide their personal data, such as address, phone number, and email address. The only payment method offered is credit card. After entering the address, another form requests credit card details, which the fraudsters then use to steal money from the victims immediately.
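The indicators described above (a shortener link instead of nolp.dhl.de, a lookalike domain, and a weekday that does not match the stated date) can be checked mechanically. The following is an added example, not code from the article; the allowlist entry `dhl.de`, the function names and the sample text are assumptions made for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

OFFICIAL = ("dhl.de",)        # assumption: parent domain of nolp.dhl.de
SHORTENERS = {"shorten.so"}   # shortener named in the article
BRAND = "dhl"
DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
DATE_RE = re.compile(r"\b(" + "|".join(DAYS) + r"),?\s+(\d{1,2}/\d{1,2}/\d{4})")

# Constructed sample combining the email lure with the landing page's date line.
SAMPLE = """Hello, your shipment could not be processed because the maximum permissible weight was exceeded.
Track your shipment: https://shorten[.]so/
Delivery attempt: Wednesday, 11/22/2025
"""

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; userinfo and port are ignored."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def is_official(host):
    # Match on a label boundary so 'dhl.de.example.net' does not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def check_message(text):
    """Return (indicator, detail) tuples for links and dates found in text."""
    findings = []
    for url in URL_RE.findall(text.replace("[.]", ".")):  # refang defanged links
        host = host_of(url)
        if is_official(host):
            continue
        if host in SHORTENERS:
            findings.append(("shortener", host))
        elif BRAND in host:
            findings.append(("lookalike", host))  # brand name on a non-official domain
        else:
            findings.append(("unofficial-link", host))
    for weekday, date in DATE_RE.findall(text):
        try:
            actual = DAYS[datetime.strptime(date, "%m/%d/%Y").weekday()]
        except ValueError:
            continue  # not a valid calendar date
        if actual != weekday:
            findings.append(("weekday-mismatch", f"{date} is a {actual}, not a {weekday}"))
    return findings

if __name__ == "__main__":
    for kind, detail in check_message(SAMPLE):
        print(f"{kind}: {detail}")
```
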
The perpetrators can misuse the data directly. Often, however, it ends up in data dumps, where criminals then resell it to interested parties.
Online criminals rely on current events to increase the potential number of victims. In addition to the phishing waves now being observed during the pre-Christmas season, a surge in fake shops offering cheap oil, gas, or firewood deliveries could be observed at the start of the heating season, for example. These shops, however, do not deliver after prepayment, and the money is usually gone.
(dmk)