DHL say it is urgently investigating a potential “smishing” text message as scammers try to cash in on parcel deliveries ahead of Black Friday and Christmas.
A DHL Express New Zealand spokesperson today confirmed the company was investigating the possible smishing (SMS) messages.
“The potentially fake SMS claims to be from DHL and asks recipients to call a hyperlinked landline number to provide further information to get their shipment released from customs,” the spokesperson told the Herald.
“Your shipment is held for Customs Clearance,” the text read, with one specimen shared on Reddit appearing to encourage people to then call a DHL number, and sent from an extremely long number beginning with the New Zealand calling code.
DHL said any customer receiving a message believed to be suspicious could verify it by contacting the company’s customer service team on 0800 800 020.
“The security of our customers and online platforms is a priority and we are constantly working to enhance the strength of these systems and processes,” DHL added.
“Unfortunately, this type of criminal activity is becoming more sophisticated and frequent, particularly during the peak Christmas period when freight volumes increase, so we take all potential threats seriously and are investigating this with urgency.”
Some sceptical customers shared these messages on Reddit to raise concerns about a possible parcel delivery scam. Photo / Reddit
The DHL spokesperson added: “We encourage anyone who is concerned about the authenticity of a text message not to reply, and to verify it by calling our customer service team.”
The National Cybersecurity Centre (NCSC) said the possible DHL scam texts, unlike phishing messages, often had no link in them.
“It can sometimes be difficult to ascertain if a message is a phishing text,” the NCSC added.
Phishing referred to messages seemingly from a credible source but were intended to dupe recipients into disclosing personal details such as passwords and credit card information.
“However, we know text messages like this are a common phishing tactic,” the cybersecurity centre added.
“Scammers often send messages about parcels that couldn’t be delivered or are held up at Customs to trick recipients into clicking on phishing links or calling a number.”
The cybersecurity centre said an uptick in phishing texts sent to New Zealanders was detected last year in the weeks approaching Christmas and New Year.
“These messages claim to be from NZ Post, DHL, or other postal agencies and ask you to click on a link. Since it’s a time of year when a lot of people are actually expecting parcels, these messages appear all the more credible.”
The NCSC advised people to be wary of any unexpected messages, especially if one was not expecting a parcel.
“If you get a text message that looks suspicious, do not click on the link or call the number provided. Instead, you can call the postal company on their publicly listed number and ask if the text is genuine.”
The cybersecurity centre said if the text was from a company the recipient was unfamiliar with, the recipient should research the company by reading reviews or checking how long their website had been around.
“Scammers use links that resemble an official one, with words like “nz-post” or “dhl-nz” in the URL to make them look legitimate,” the NCSC added.
‘Sense of urgency’ and scam-yourself attacks
“They also create a sense of urgency so you have less time to think before you respond to them,” the cybersecurity centre said.
“The best course of action is always to contact the company on their publicly listed website or phone number.”
Meanwhile, Nasdaq-listed most prominent Gen Digital Inc, formerly Symantec Corporation, said in a third-quarter threat report it had detected a 614% increase in “scam-yourself attacks” where users were guided to infect their own devices.
Gen said these attacks deployed social engineering to fool people into installing information stealers, droppers and other traditional malware.
Droppers, according to Europol, were malicious software designed to install other malware onto a target system.
Gen said scam-yourself attacks were the third most prominent threat to Kiwis in the third quarter, after general scams and malvertising, where online ads were infected.
“In New Zealand, email threats such as phishing attempts, fake invoices, extortion demands for cryptocurrency and lottery scams are increasingly common.”
It said dating or romance scams were still rampant too, as were technical support scams, where criminals posed as IT professionals to access devices or financial data.
“These shifts in targeting strategies and tactics signal the importance of remaining on alert for new methods and flavours of online scams,” Gen added.
John Weekes has covered crime and courts for publications including the Herald, Herald on Sunday, Dominion Post, and for News Corp, Australia.
Take your Radio, Podcasts and Music with you
