Christmas time is parcel season, and fraudsters also want to take advantage of this. A “fresh” email is therefore aimed at Packstation data.

Mimikama: Warning

The following email claims that your address has not been confirmed with the DHL Packstation Service.

image

The content of this email in plain text:

Dear Packstation customer, December 7th, 2015

not confirmed your email address: […]@gmx.de

In order to continue using your Packstation, you must confirm your email address!

If you do not comply with this request within 14 working days , your Packstation will be permanently blocked and you will have to go through the registration process again.

Confirm now (click here)

Kind regards,
your DHL team

Paket.de – your way to individual parcel receipt and shipping.

Although this email appears to be presented smoothly and error-free, the lack of a salutation is already an indication of attempted fraud.

The inserted and fictitious deadline of 14 days in this email is intended to create a certain pressure that people click on the link and follow the instructions.

SPONSORED AD

Phish

However, this email comes from the hands of fraudsters. An updated protection software quickly shows a corresponding warning:

image

Without protection software you end up on a page that quite authentically imitates a login to the DHL website. All you need to do here is take a look at the address bar in your browser. The page “ijyikyqe.deinewelt-packstation.com/anmelden.php” is very similar to a real-looking page name, but it is also clear that there is no secure HTTPS connection. So it's a fake, which looks like this:

image

This page is aimed at the DHL access data.

General phishing warning:

  • Phishing emails generally try to appear as if they come from the relevant company . Fraudsters use these to try to get personal data, preferably bank credit cards or other payment data.
  • The real “art” of these emails is the story with which the recipient is supposed to trust the email and open the inserted link. Expression, grammar and spelling, as well as plausibility and individuality play a very important role here. Especially in the recent past, there have been an increasing number of emails that shined with individuality: they could address the recipient with the correct name and also provide actual address and personal data.
  • However, you can generally note: Banks, payment and purchase portals never ask you to log in to the account using a built-in link! In addition, although a generic salutation is always an indication of phishing, an existing correct salutation is not proof of the authenticity of an email .
  • Never log in via a link that is sent by email, but always type the relevant page by hand into the address bar of your browser and log in there. If there are actually announcements of the relevant service, they will be displayed there. In addition, if possible, you should also refrain from carrying out banking transactions via public/third-party WiFi networks , as you never know exactly whether (and in an emergency from whom) these networks are being used be logged.
  • Never enter real data in the form fields! Under certain circumstances, the data can even while typing without having to confirm with “continue”.
Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )