DHL phishing page revealed

Posted byAnti-phishing Leave a comment on DHL phishing page revealed

This screenshot shows a phishing page impersonating DHL, targeting users with a fake package delivery notification. The scam demands a small payment (1.99) to complete delivery and collects full card details, cardholder name, and an ID number (likely a national ID or passport).

Threat Analysis: DHL Phishing – Fake “Delivery Confirmation” & Card Harvesting

How it works:
The victim receives an SMS or email claiming a package is in transit and requires a small payment to complete delivery. The link leads to this page, which mimics DHL tracking interface. It displays:

  • A fake tracking code
  • A fake status (“in delivering”)
  • A message urging payment within a limited time (14 days)

The victim is asked to provide:

  • Cardholder name
  • ID number (national identification)
  • Full credit card number
  • Expiration date (MM/YY)
  • CVV (CVC)

The goal:
The attacker captures:

  • Full credit/debit card details (number, expiry, CVV)
  • Cardholder name and ID number – which can be used for identity theft or to answer security questions
  • The small payment request (1.99) is intended to lower suspicion

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not dhl.com or an official DHL domain.
  • Request for CVV and ID number: DHL never asks for your card security code or national ID to confirm a delivery.
  • Small fee trick: 1.99 is a trivial amount meant to make the payment seem insignificant.
  • Fake tracking code: The tracking code cannot be verified on the real DHL website.
  • Poor English / formatting: The page contains grammatical inconsistencies that would not appear on an official DHL page.

What to do if you encounter this:

  • Do not enter any personal, ID, or card information.
  • If you are expecting a DHL shipment, track it directly by typing dhl.com into your browser.
  • If you have already entered card details, contact your bank immediately to block the card.
  • Report the phishing page to DHL’s fraud team.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are handled in person or through the official site after logging in.
  • Check the URL carefully: Official DHL domains end with dhl.com or country-specific variants like dhl.de.
  • Enable transaction alerts on your bank account.

Leave a comment

Your email address will not be published. Required fields are marked *