21 May 2012

Watch out for fake DHL email


A new campaign of phishing emails pretending to be sent from the delivery company DHL, has been identified.

These fake emails state that the delivery of a package has failed due a problem with the recipient's address, and asks the recipient to open the attachment. The attachment contains a virus. DHL has confirmed that these emails are not from DHL and that the 'From' email address (status [at] dhl.com">status [at] dhl.com) is not an email address that is used by DHL. An example of the fake email is provided below.

Sample fake DHL email including DHL logo and attached zip file

Example of the fake DHL email

What we recommend you do

Please be careful when opening emails that you do not expect and are generic in nature. If you are suspicious about the authenticity of an email, don't open any attachments or click any links in the email. If it claims to be from a company, try contacting that company to verify the email is legitimate.

Where you can find more information

DHL has posted information regarding the fake DHL email here: http://www.dhl.com.au/en/express/resource_center/fraud_alert/virus_alert.html

For more information about phishing emails and how to spot them, click here: http://www.staysmartonline.gov.au/factsheets/factsheet_10

This information has been provided by CERT Australia.

CERT Australia logo


Thank you to those subscribers who have provided feedback to our Alerts, Advisories and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy.

The information included in this advisory is intended for use by private individuals and small to medium sized businesses. It is general information only and not intended as specific advice. It was accurate and up to date at the time of publishing.

As the material and information included in this advisory is general in nature and not adapted to any particular person's circumstances, it cannot be relied on to address specific cases. If you are concerned about a specific cybersecurity issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for:

  1. information included or referred to in the advisory; any damage,
  2. loss or expense incurred as a result of the information included or referred to in the advisory, whether by way of negligence or otherwise.

Nothing in this advisory (including the listing of a person or organisation) should be taken as an endorsement of a particular product or service. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.

Please note that third party views or recommendations included in this advisory do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. Material on this site or in this advisory may also include information provided by third parties. The Commonwealth cannot verify the accuracy of any third party information included in the advisory or on the site.


Email: staysmartonline [at] dbcde.gov.au
You are receiving this message at the address erina.sheely [at] communications.gov.au.
Click here to update your profile preferences.
If you no longer wish to receive the SSO newsletter, you can unsubscribe.

© 2012 Australian Government. All rights reserved

Connect with Stay Smart Online