A DHL delivery which is nothing but malware – Windows users warned of email attack

DHL and flyJust earlier this week, I warned about a malware attack that had been widely spammed out posing as a message from DHL Express International.

The trick, which is an old one, goes like this.

Cybercriminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx.

The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made.

Sign up to our free newsletter.
Security news, advice, and tips.

Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email).

And with that, your computer is infected and under the control of malicious hackers who have just planted a Trojan horse on your computer.

As attacks go, it’s pretty unsophisticated. But the fact that we see attacks using this formula virtually every day indicates that it’s a ruse that works well for the online criminals, and continues to help them make money.

I must admit that sometimes it’s pretty depressing working in the computer security industry, when you see people fall for the same trick time and time again.

Here’s the latest example, an email with the subject line “DHL delivery report”:

Malicious DHL email

The social engineering is simple, but it works. The email tricks you into believing that there is a parcel waiting to be shipped to them, but an incorrect postcode has messed the delivery up.

What does the email suggest you do? Print off the label (helpfully attached), and take it to your post office. But you best hurry! Because the email claims that they will begin to charge you if you dawdle too long.

It’s no wonder then that some folks will all too quickly open the attached file (called LABEL-ID-NY19032013-GFK78.zip in this case) and, as a result, infect their Windows computer with the Troj/Bredo-AGB Trojan horse.

Of course, this isn’t really DHL or FedEx’s fault. Their company name is being abused by the criminals and their brand image tarnished through association with such attacks.

Maybe you’re well-read about malware threats and would never fall for an attack like this. But can you say the same for your aunty, your father-in-law, your friends?

Do your bit to make the internet a safer place by helping raise awareness of security threats with your friends and family.

Stay safe out there.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.