DHL Express Phishing Scam: How to Spot Fake Delivery Emails in Australia

• phishing
• email scams
• DHL Express

Learn how to identify and avoid the latest DHL Express phishing scam targeting Australians with fake delivery notices and payment requests.

A New DHL Express Phishing Scam Is Targeting Australians

A new wave of phishing emails impersonating DHL Express is sweeping Australia, cleverly designed to steal your personal and financial information. These emails use convincing fake delivery notifications to create urgency, pressuring recipients to confirm their address or pay a small import fee. But their real objective is much more sinister: to harvest names, birthdates, phone numbers, email addresses, and credit card details through a series of well-branded phishing pages.

What Does the Scam Look Like?

The phishing emails appear to come from “Fynd” using the sender address hey(at)gofynd(dot)com. However, scammers cleverly craft each message to spoof the recipient’s domain, increasing their credibility and making it harder to detect.

• Subject Line: DHL: Address Confirmation Required
• Body: A fake package status update urges the recipient to confirm their delivery address by clicking a prominent red button labeled "Confirm Delivery Address".

Clicking the button leads the victim through a series of deceptive phishing pages, all designed to mimic the look and feel of genuine DHL websites:

• Address Confirmation Page: Requests contact and delivery details.
• Personal Details Page: Collects sensitive information like your birth date and phone number.
• Payment Page: Asks for credit card details for a bogus import duty charge (usually around $1.99).
• Loading/Delivery Status Page: Shows a fake progress screen to maintain the illusion.

These phishing pages are typically hosted on suspicious domains such as trustwe3.com, which have no legitimate association with DHL.

Why This Scam Is So Dangerous

While the phishing attack is technically simple—built using basic HTML and common branding tricks—it is extremely effective. The emails are tailored to recipients, sometimes spoofing organisational domains, making them appear even more authentic. The step-by-step process lowers suspicion until it’s too late.

By the end of this fake journey, scammers have collected enough personal and financial information to commit identity theft, make fraudulent purchases, or sell your data on the dark web. Organisations that frequently deal with package tracking and delivery emails are especially at risk.

How to Spot and Avoid DHL Phishing Emails

• Unexpected Emails: Be wary of delivery notices you weren’t expecting.
• Urgent Language: Watch for messages urging you to act immediately or face consequences.
• Impersonal Greetings: Legitimate companies will usually address you by name, not generic terms.
• Poor Grammar: Misspellings and awkward language are red flags.
• Suspicious Links: Hover over links to check if the URL matches DHL’s official website. Fake domains are a major warning sign.
• Requests for Payment or Personal Info: Be sceptical of emails asking for sensitive data or payment for delivery fees.

What Should You Do If You Receive a Suspicious Email?

• Do not click any links or download attachments.
• Delete the email immediately.
• If you’re unsure, contact DHL directly using official contact information from their website.
• Report the phishing email to the ACCC’s Scamwatch and your email provider.
• If you have entered information, contact your bank and consider a credit check to watch for fraud.

Stay Informed and Stay Safe

Phishing emails are constantly evolving, but staying vigilant and knowing the warning signs will help you avoid falling victim. Always double-check unexpected delivery notices and think twice before sharing personal details online. By keeping informed, you protect both your identity and your finances.