Skip to main content


Posted on Friday, March 5, 2021 in Privacy & Security

Many of us are used to receiving messages from shipping companies, so cybercriminals use similar emails as phish bait. Let's take a look at a recent shipping-themed phishing attack and seeLock over Credit Cards if you can spot the red flags:

Sent from "Dhl Express", the email claims that you have something waiting for you at your local post office. The message states "To receive your parcel, Please see and check attached shipping documents." and it includes a .html file as an attachment. If you open the attachment, a web page displays that looks like a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already populated in the username field. If you enter your password and click "View PDF Document" your email address and password will be sent straight to the bad guys.

How many red flags did you see? Remember the following tips:

  • Look for poor grammer and capitalization. For example, the sender name "Dhl" should be "DHL".  Also, in the body of the email, the word "Please" is in the middle of a sentence, so this should be lowercase.
  • Check the file type. The email attachment is a .html file, but most legitimate documents are shared as PDFs, spreadsheets, or word documents. HTML files are designed to be opened in a web browser, much like a link to a website.
  • Watch out for anything out of the ordinary. An Adobe PDF login window blocking what appears to be a Microsoft Excel file is quite unusual.

Stop, Look, and Think. Don't be fooled,
The KnowBe4 Security Team

Back to Top