DHL phishing page revealed

Posted byAnti-phishing Leave a comment on DHL phishing page revealed

This screenshot shows a phishing page impersonating DHL, targeting users with a fake package delivery notification. The scam demands a small payment (1.99) to complete delivery and collects full card details, cardholder name, and an ID number (likely a national ID or passport).

Threat Intel: This deceptive layout was detected, analyzed, and contained firsthand by the Antiphishing.biz security team during our standard URL vetting operations. To protect the public, the dangerous destination URL has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Actual screenshot of "DHL phishing page revealed" phishing interface captured during link moderation on our platform.
Figure 1: Actual screenshot of the live scam infrastructure intercepted by our security systems.

Threat Analysis: DHL Phishing – Fake “Delivery Confirmation” & Card Harvesting

How it works:
The victim receives an SMS or email claiming a package is in transit and requires a small payment to complete delivery. The link leads to this page, which mimics DHL tracking interface. It displays:

  • A fake tracking code
  • A fake status (“in delivering”)
  • A message urging payment within a limited time (14 days)

The victim is asked to provide:

  • Cardholder name
  • ID number (national identification)
  • Full credit card number
  • Expiration date (MM/YY)
  • CVV (CVC)

The goal:
The attacker captures:

  • Full credit/debit card details (number, expiry, CVV)
  • Cardholder name and ID number – which can be used for identity theft or to answer security questions
  • The small payment request (1.99) is intended to lower suspicion

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not dhl.com or an official DHL domain.
  • Request for CVV and ID number: DHL never asks for your card security code or national ID to confirm a delivery.
  • Small fee trick: 1.99 is a trivial amount meant to make the payment seem insignificant.
  • Fake tracking code: The tracking code cannot be verified on the real DHL website.
  • Poor English / formatting: The page contains grammatical inconsistencies that would not appear on an official DHL page.

What to do if you encounter this:

  • Do not enter any personal, ID, or card information.
  • If you are expecting a DHL shipment, track it directly by typing dhl.com into your browser.
  • If you have already entered card details, contact your bank immediately to block the card.
  • Report the phishing page to DHL’s fraud team.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are handled in person or through the official site after logging in.
  • Check the URL carefully: Official DHL domains end with dhl.com or country-specific variants like dhl.de.
  • Enable transaction alerts on your bank account.

Leave a comment

Your email address will not be published. Required fields are marked *