Beware of phishing emails from fake courier companies: SingCERT

Post a Fraud Alert:

SINGAPORE: It may look like a legitimate email from “DHL Express”, but click on the attachment and a malicious code would be downloaded onto the recipient’s device, infecting it with malware. 

Reports of such phishing emails from fake logistics companies have been on the rise recently, the Singapore Computer Emergency Response Team (SingCERT) warned on Friday (Jun 23). 

Phishing is a way of obtaining sensitive information such as passwords and bank account details from users. It works by convincing users to click on suspicious links or attachments. 

“Phishing emails are becoming increasingly well-written and appear legitimate. Hence, users need to exercise caution,” said SingCERT, which comes under the Cyber Security Agency. 

It gave the example of an email with the sender claiming to be from DHL Express and signing off as Customer Service from DHL Group. 

The email prompts the user to download an attached shipment receipt and provide an address in order for the package to be delivered to the “correct address”.

Example of a phishing email from a fake logistics company. (Image: SingCERT)

On its website, DHL noted that there have been attempts to “defraud Internet shoppers by the unauthorised use of the DHL name and brand.”

It said that in most cases, the fake emails asked for payment to be made for products bought online, before the goods can be delivered. 

“Please be advised that DHL does not request payment in this manner. DHL only collects money due for official DHL related shipping expenses,” said the courier company. 

SingCERT said users should not click on links or open attachments from unsolicited or suspicious emails.

It also gave the following advice:

– Inform your Internet Service Provider if you receive such suspicious emails;

– Do not provide personal information online unless you have verified the authenticity of such requests;

– Change passwords if user has you have unknowingly entered them into the phishing page;

– Inform your bank if you have provided your banking details or credit card credentials;

– If you have accidentally clicked on a link, run a virus scan immediately.