New Fake DHL scam
This is how cybercriminals try to rip off online shoppers
Just enter the address and pay a few francs so that the order can be redelivered. But then the trap snaps shut. The latest scam: scammers working with fake DHL sites. The federal government is aware of several cases.
Published: 01/31/2023 at 00:15 | Updated: 9:11 am
Package ordered? The cybercriminals work with fake DHL profiles.
Benno Tuchschmid, Co-Head of Society
What a bargain! Pretty sneakers for 91.96 francs instead of 114.95 – ordered directly from the Swiss subsidiary of a German sports brand. Tom Hächler* was satisfied.
A few days after placing the order – and shortly after he had received an email that his shoes were on their way to him – Hächler received an SMS. Sender “DHL-Track”: “We could not deliver your package today. Please visit www.ch-liefer.net/786sr to update your delivery information.”
Tom Hächler clicks on the link and is asked to enter his address and pay CHF 2.45 for the new delivery. “I know the dangers of cybercriminals, but at that moment I was only thinking about my sneakers,” says Hächler. He types in his credit card information. Presses “pay”. And looks forward to his new sneakers.
A few minutes later, Hächler receives another text message. This time from his bank’s credit card company: A charge of 1579 euros was rejected.
“That’s when I realized: I had fallen into the trap,” says Hächler. Blessing in disguise. The credit card company’s warning systems worked – and saved Hächler from major financial damage.
Official DHL number as sender
The federal National Center for Cybersecurity (NCSC) is aware of four similar cases. Particularly perfidious: the cybercriminals operate covertly by using an official DHL number.
“I trusted the SMS because the sender’s name was DHL-Track. That was a big mistake,” says the victim Hächler. Experts call this “spoofing”.
DHL writes on its website that there are many emails and graphics in circulation that “apparently come from DHL”: “Please note that DHL does not ask for advance payment for goods. DHL only collects fees for official DHL-related shipping costs.”
The DHL fake mails look something like this: Providers such as Gmail warn of spam with a red banner.
For the moment the danger is averted. “The phishing site has now been blocked,” says Manuela Sonderegger, spokeswoman for the NCSC.
The timing is always right for some
According to the NCSC, it is a coincidence that the SMS from the fraudsters arrived at the time when Hächler was actually waiting for an order.
Assuming that one eighth of the Swiss population, around one million people, places an online order per week and the attackers sent 100,000 e-mails or SMS with fake parcel notifications to Swiss people in one week, “then, from a purely statistical point of view, 12,500 people also received a corresponding fraudulent e-mail in the same week in which they ordered online,” says Sonderegger.
At least the sneakers have arrived. And they fit.
*Name changed