DHL websites that aren’t from DHL? Deutsche Post payment systems that we never created? Cybercriminals misuse our trusted brand for their evil deeds. We do not stand for that – and here’s how you can help, too!
We are all pretty sure that we could tell a fake from the real thing in most cases. No, that handbag a street hawker is selling for €20 isn’t from Versace. And is there really a Swiss watchmaker called Rollex or Ohmayga? Common sense is often a good guide – as is just stopping to think for a second.
We have written a lot about how to detect phishing e-mails and other criminal activities that try to get us to believe they are something they are not – but mostly we’ve been looking at the topic from an internal perspective. Today we would like to draw your attention to fake mails, websites and even social media posts that you might run into externally. And, of course, we will show you how to help fight the battle against those cybercriminals to protect our brand and you as our customers!
The activities we are talking about are those that try to mask themselves as our brand. Cyber criminals use a variety of techniques to obtain data on their victims through our Deutsche Post and DHL brands. In this way, they try to deceive not only us as a brand, but also you as our customers, our suppliers and potential job seekers. Well, just anyone who thinks an e-mail, a website or even a post on a social network comes from us, when in reality it doesn't.
Let me give you some real life examples:
- On an online marketplace, a “seller” asks the buyer via e-mail to transfer the payment using a transaction service of Deutsche Post. The buyer is led to a website that looks like it could be from Deutsche Post, but it is fake, tobe considered as trustwothy but misapplying our brand.
- A fake “buyer” pretends to be interested in a purchase from an online marketplace. The seller is asked to receive the payment via a DHL payment service (fraudulent, naturally). The innocent merchant is led to a fake DHL website where they are requested to create an account. Then, surprise! They are asked to pay a “registration fee” to receive their money.
- The scammers set up a “DHL” social media account and post on it that they are looking for job seekers interested in working for the company. To look even more enticing, the criminal offer free visas and flight tickets, for example for working in Canada. Unknowing job seekers are invited to join a chat, like on WhatsApp. During this “job interview” the candidates will be eventually asked for a payment to cover the costs of a security background check.
Yes, those are all true cases! And we are sure you understand why we as a company simply cannot accept this. It's not just that you as our stakeholders are being tricked, it's also damaging our brand and reputation. We suspect that in some cases users are not fully aware that they are not dealing with the DPDHL Group - and then feel misled by us, which leads to mistrust!
Luckily, we have found a way to deal with the criminals. In cooperation between our colleagues from Corporate Brand Management and Central Domain Management, we ensure that such fake domains or social media accounts are deleted, their use is revoked and in some cases criminal proceedings are even initiated against the perpetrators. For example, in all three incidents described above, they took immediate action and successfully closed down the websites and accounts.
Help us in the fight against cybercriminals!
You can help us in the fight against cybercriminals if you report everything you discover online too. All you have to do is to send conspicuous pages you have found to the following e-mail address: phishing-DPDHL@dhl.com.
It is a great help to us if you provide as much information as possible in your e-mail in a comprehensible form. This may include:
- the exact URL address the criminals are trying to draw you to (and not just the link to the top domain)
- any e-mail correspondence, such as the original phishing e-mail as an attachment
- any additional information such as phone numbers provided by the cybercriminals, social media account name, etc.
With this information the team can then take action against criminals and fraudsters. In most cases, information such as this has helped to prevent further criminal activity!
So please remember that e-mail address (firstname.lastname@example.org) and help us to protect our brand and your data!