Spain's National Cybersecurity Institute (Incibe) has issued a medium-level alert (level three out of a possible five) after detecting a fraudulent campaign in which DHL's identity is impersonated and users are asked to pay to recover a package that has been returned, all with the aim of accessing the victims' banking information.
In this scam, mass emails are sent to users and they are falsely informed that a supposed package has been returned to the DHL office.
To prevent the package from being returned to the sender, they are asked to make a payment and are provided with a link in the email to do so. Upon accessing the link, the victim is asked to enter personal and banking information through various forms that appear during the process, explains Incibe.
Specifically, the email informs of a notification of a DHL shipment, which has been returned to an office of the company itself, and tells the user that they must pay a shipping cost of 2.65 euros if they do not want their package to be returned to the sender.
"If we look at the sender's address, it has no connection to DHL. To give the email more credibility, the cybercriminals have included the company's logo. In addition, the link contains a domain that simulates the legitimate DHL domain (www.dhl.com), although the 'www.' is missing. Likewise, when clicking on the link, the page redirects to another domain that has nothing to do with the official one," the entity details.
If the user has received an email of this type and has not provided any data, Incibe recommends marking it as 'spam' and deleting it from the inbox.
However, if the user has shared their banking or personal details through the fraudulent website, the victim must report the situation to their bank so that appropriate measures can be taken, such as cancelling the affected card.
Along these lines, Incibe also recommends that potential victims of this scam check the transactions in their affected bank account in the coming months, so that if they detect unauthorized charges, they can immediately report them to their bank.
It also calls for gathering all possible evidence, such as emails and screenshots of the process, and then contacting the State Security Forces and Corps to hand over all the evidence.