Have you heard of the shipping company DHL? You probably have, though it might not be as familiar as competitors FedEx and UPS. And that’s what scammers are counting on.
Consumers have reported getting emails from “BHL” saying the company tried to deliver a package but couldn’t because there was no one there to sign for it. The email asks the consumer to confirm their address.
Wait a minute – BHL?
The scammers have changed one letter in the name but have recreated DHL’s familiar logo and adopted the company’s corporate style in the email, obviously hoping their intended victim will conclude the message is legit.
Phishing scam
The objective appears to be an old-fashioned phishing scam. The fraudsters embed a link in the email that directs their target to provide information. If they click on the link, the targets become victims.
The link takes the victims to a phishing website where their information is recorded as soon as they provide it. The information may be used by the scammers or sold on the dark web.
Scammers may also tell their victims that to deliver the package, the company must charge an additional fee, explaining that it already made one attempt without result. Legitimate delivery companies don’t do this.
The fee is small because the scammers aren’t really interested in collecting it. All they care about is the victim’s credit card information, which can easily bring money on the dark web.
Red flags
It’s all too easy to be tricked by this clever scheme but here are some things to look for. If you or a household member is not expecting a package delivery it’s probably a scam.
Closely examine the email address, paying particular attention to the domain. Is it @DHL or @BHL. If it’s BHL, then it’s definitely a scam.
How specific is the email? Does it have your name anywhere in it or could it have been sent to millions of other people? If you don’t see your name anywhere in the document, it’s not real.
Has DHL ever delivered a package to your address in the past? If so, the company knows where you live.
If you receive an email like this from a fake delivery company, just be sure you don’t click on any links. Simply delete it. If you did click on it, run a virus detection software on your device.