≡ Menu

DHL Spam Email: Don’t open the attachment!

Yesterday I received the following spam (phishing) email:

From: DHL Logistics Services <manager.no.6980@dhl.com>
To: [purplecar]
Sent: Mon, November 8, 2010 10:59:41 PM
Subject: DHL Tracking number N37234

Good afternoon

Your package has been returned to the DHL office.
The reason of the return is – Incorrect delivery address of the package

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the SDF office in order to receive the packages.

Thank you for your attention.
DHL Global Services.

I closed the email without clicking on the attachment and forwarded it to abuse@dhl.com. That address didn’t work; it was a guess anyway. I would have to find a contact person at the DHL site. I searched Google for the DHL site. The abuse hotline or email address wasn’t readily apparent, so I went to the “Logistics” page and used their web-enabled contact form. I didn’t send the attachment but I copied in the entire abuse email with full headers. Here is DHL’s official response:

Hello Christine,

Thank you for contacting DHL.

Please be advised that if you received an email suggesting that DHL is attempting to deliver a package, requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the attachment is a computer virus, and the package does not exist.

Please do not open the attachment. This virus does not originate from DHL.

Thank you for bringing this to our attention. I can assure that this is not the practice of DHL and we are taking precautions to stop this fraudulent activity. Please make a note that in future you may reach our Fraud Department directly at Fraud.alert@dhl.com or by Fax: 773-409-5068.

Please use the following link to get more information:


We apologize for any inconvenience

Kind regards,

Jennifer D’souza
Digital Marketing DHL.com

Send any suspicious-looking emails that purport to come from DHL to Fraud.alert@dhl.com. As Ms. D’souza said, DO NOT OPEN THE ATTACHMENT. Forward the email to Fraud.alert@dhl.com and then delete it. Opening it should be OK as long as your computer doesn’t run .exe attachments or open attachments automatically.  It’s a good idea to click “cancel” or “no” if any .exe prompt comes up when you are checking email anyway. System updates and other such important stuff will try again. Virus stuff only gets a chance to run when you open up the attachments in email.

Thanks to Jennifer D’souza and DHL for the prompt and informative response.


Ya wanna know something weird? I just went in my email to copy the text of the spam email. Whilst I was highlighting the entire email, look at what popped up in the seemingly blank space below the email. It was “invisible” because it was in white type against a white background:

I crouched in my corner, cold and cramped, trying to visualise the terror of it.I asked myself whether I was afraid. Not of Death, I told myself. But of being afraid–yes, most horribly. At five oclock we halted at a junction, where a troop-train from the Front was already at a standstill. Tommies in steel helmets and muddied to the eyes were swarming out onto the tracks. They looked terrible men with their tanned cheeks and haggard eyes. I felt how impractical I was as I watched them–how ill-suited for campaigning. They were making the most of their respite from travelling. Some were building little fires between the ties to do their cooking–their utensils were bayonets and old tomato cans; others were collecting water from the exhaust of an engine and shaving. I had already tried to purchase food and had failed, so I copied their example and set about shaving.

OK so if I saw that, I would have definitely known it wasn’t from DHL. Does anyone know why this kind of spam is getting sent around? I’ve seen it before, and I’m not quite getting what the purpose is. Is some stark raving mad bad writer out to spam us all with his dreck? I just don’t get it. Please clue me in with a comment. Thanks.

UPDATE: My friends Zach Petersen and Rob Harrison pointed out the obvious to me as to why these blocks of text are in these messages. Spam filters are not sophisticated enough to see past the block of text. To the spam filter, the whole email seems OK because it looks like there are real, non-spammy messages in the body of the email. This is why, of course, the spammers make the text white, so you don’t see the poorly-typed-in-copied-text and immediately recognize it as spam.

The DHL spammers seem to employ this paste-in-text-and-make-it-undetectable method, so make sure to highlight the entire message if it seems to be coming from an official source. If there is odd text in it, you can be 100% certain it is spam and delete it.

Thanks, Zach and Rob for reminding me about how spam filters work. I dumbed out there for a second.

Comments on this entry are closed.

  • Britney1 10 November 2010, 11:18 am

    I got this same email too! I’m glad you posted something about it because I googled it, sensing it was too sketchy to believe. The only different thing in mine is the white text underneath:

    “To Jimmie, living the obscure and comparatively peaceful life of a Socialist propagandist, the question of sabotage, violence and crime had been a more or less academic one, about which the comrades debated acrimoniously, and against which they voted by a large majority. But now Jimmie was out among the wobblies, the blanket-stiffs–the unskilled workers who had literally nothing but their muscle-power to sell; here he was in the front-line trenches of the class war. These men wandered about from one job to another, at the mercy of the seasons and the fluctuations of industry. They were deprived of votes, and therefore of their status as citizens; they were deprived of a chance to organize, and therefore of their status as human beings. They were lodged in filthy bunk-houses, fed upon rotten food, and beaten or jailed at the least word of revolt. So they fought their oppressors with any and every weapon they could lay hands on.”


    • PurpleCar 10 November 2010, 11:30 am

      LMAO, seriously WTF!? That makes NO sense, man. It must be some sort of weird
      tracking device or something.


      • Clefford Dsouza 27 April 2011, 4:54 am

        Hello Christine,

        Thank You so much for guiding others who have also received this spam.
        Fortunately, the hacker has taken a break now and stopped sending spam emails as we have stopped receiving complains from the customer.

        You may contact me if for any other requirement or clarification.


        Jennifer D’souza

        • PurpleCar 27 April 2011, 8:59 am

          Jennifer, Thanks so much for straightening this out. More and more spam emails and phishing attempts are coming through. Hopefully people can surmise from this example that any future examples are also spam. If you do get any future examples that are different enough to warrant attention, please post them as a comment here. Thanks so much for your help.

          • S Dickenson 24 May 2011, 9:45 am

            oh yes they are still coming. I have auto deleted many but today I had time. Typed dhl.com into Google search and was surprised to discover a legitimate company. Then I tried dhl.com spam and your site popped up. I am very impressed with your well thought out and leve-headed responses. I will forward to DH fraud in addition to the spam@uce.govthat I generally use. 

            • PurpleCar 24 May 2011, 8:29 pm

              M. Dickenson,

              Yes, these emails will still come. There isn’t much you can do to stop them. Hopefully your spam filter catches them and you don’t see them in your Inbox too often. 

              Lately I’ve seen similar emails that seem to come from the US Postal Service or Federal Express (FedEx). They are all fake.

              Please always let companies know that they are being used in scam attempts. As you will see in the other comments here, DHL has officially responded to this particular spam. I found them to be very helpful and conscientious. 

              Thanks so much for commenting. I’m glad you found it helpful. Keep using that Internet search function! Especially when something looks suspicious.


  • PurpleCar 10 November 2010, 11:35 am

    I got another one of these emails today, entitled Track Your Parcel #4444. I highlighted the bottom and found this:

    Mit dir scheints anders.Jason. Ja, auch das, auch das! Es ist des Ungluecks eigentlichstes Unglueck, Dass selten drin der Mensch sich rein bewahrt. Hier gilts zu lenken, dort zu biegen, beugen, Hier rueckt das Recht ein Haar und dort ein Gran, Und an dem Ziel der Bahn steht man ein andrer, Als der man war, da man den Lauf begann. Und dem Verlust der Achtung dieser Welt Fehlt noch der einzge Trost, die eigne Achtung. Ich habe nichts getan was schlimm an sich, Doch viel gewollt, gemocht, gewuenscht, getrachtet; Still zugesehen, wenn es andre taten; Hier Uebles nicht gewollt, doch zugegriffen Und nicht bedacht dass Uebel sich erzeuge. Und jetzt steh ich vom Unheilsmeer umbrandet Und kann nicht sagen: ich habs nicht getan! O Jugend, warum waehrst du ewig nicht! Beglueckend Waehnen, seliges Vergessen, Der Augenblick des Strebens Wieg und Grab. Wie plaetschert ich im Strom der Abenteuer, Die Wogen teilend mit der starken Brust.

    What’s even funnier is I stuck this into Babelfish.altavista.com and got this:
    With you scheints differently. Jason. Yes, also that, also that! It is the misfortune eigentlichstes misfortune that in it humans retain themselves purely rarely. Here gilts to steer to bend there, here move the right there a hair and a Gran bend, and at the goal of the course one stands a andrer, when which was one, since one began the run. And still the einzge comfort, the own attention is missing to the loss of the attention of this world. I nothing done which badly actually, but much wanted, liked, wished, getrachtet; Quietly watched, if andre did it; Here Uebles intended, but accessed and not mindfully that for evils produce itself. And now stand I of the mischief sea umbrandet and cannot not say: I habs not done! O youth, why you do not last eternally! Making happy a believing, blessed forgetting, the instant of striving weigh and grave. As plaetschert I dividing in the river of the adventures, the waves with the strong chest.

    Yeah, ok. ???

  • Jimmy 10 November 2010, 12:42 pm

    I’ve got one of these e-mails too, first I got a bit suspicious about it so I did a search on google but didn’t find anything. So it almost convince me to be real, but when I opened the attached zip file I saw a .exe file and then I knew that it must be a spam/virus mail.
    So after a little more google I found your post which clearly told me that this was a spam 🙂 Thanks!
    Here is what was writen in mine:
    “The hours went by, and no living thing appeared in the desert, save a small cloud of vultures, heavy from feasting on a camel dead in the waste, and a dark- brown snake flitting across their path.Nothing all day save these, and nothing all the sleepless night save a desert wolf stealing down the sands. Macnamaras eyes burned in his head with weariness, his body became numb, but Mahommed Mahmoud would allow no pause. They must get so far ahead the first two days that Abdullahs pursuers might not overtake them, he said. Beyond Dongola, at a place appointed, other camels would await them, if Mahmouds tribesmen there kept faith. Dongola came at last, lying far away on their right. With Dongola, fresh camels; and the desert flight began again. Hour after hour, and not a living thing; and then, at last, a group of three Arabs on camels going south, far over to their right. These suddenly turned and rode down on them.”

    Best regards Sweden

    • PurpleCar 10 November 2010, 12:47 pm

      Thanks Jimmy! More bad writing in yours I see. Well, it isn’t so bad,
      actually… I wonder if it is just copied text from a published work.

      And what terms did you put into Google? Maybe I don’t have this post tagged
      correctly for Google Search for it to show up on the front page. Thanks.

      -Christine Cavalier


  • Tdurham1 10 November 2010, 1:36 pm

    I received an email from manager.no.5968@dhl.com to my home email reporting a delivery problem with a package. It has a file attachment that I didn’t open based upon information I found on http://www.purplecar.net. The email was sent on 11/9/10 and the caption states pickup.No64927 and reports that my package has been returned to the DHL office the reason is error in the delivery address.

    • PurpleCar 10 November 2010, 2:27 pm

      Thanks for adding that, Tdurham. Looks like there are a few different versions
      going around, and it’s good to have a record of each one.


  • Mahnpiyaluta 10 November 2010, 7:24 pm

    And I got the e-mail today from “federal.no.4828@dhl.com” with this:
    Your package has been returned to the DHL office.
    The reason of the return is – Incorrect delivery address of the package

    Attached to the letter mailing label contains the details of the package delivery.
    You have to print mailing label, and come in the SDF office in order to receive the packages.

    Thank you.
    DHL Global Mail.

    The hot blood rose to my eyes, somewhere a thought did lurk To finish both him and the job: but I knew now what I was, And out of the little office in helpless rage did I pass And went to my work, a SLAVE, for the sake of my child and my sweet.Did men look for the brand on my forehead that eve as I went through the street? And what was the end after all? Why, one of my shopmates heard My next nights speech in the street, and passed on some bitter word, And that week came a word with my money: You neednt come again. And the shame of my four days silence had been but grief in vain. Well I see the days before me: this time we shall not die Nor go to the workhouse at once: I shall get work by-and-by, And shall work in fear at first, and at last forget my fear, And drudge on from day to day, since it seems that I hold life dear. Tis the lot of many millions! Yet if half of those millions knew The hope that my heart hath learned, we should find a deed to do, And who or what should withstand us?

    Now THIS bizzarro message is appallingly bad writing ! So bad it should be entered in one of those “It Was A Dark and Stormy Night…” contests for bad writing.

    • PurpleCar 10 November 2010, 10:25 pm

      OK now THAT is bad writing! LOL!

  • playground 12 November 2010, 6:53 am

    I currently have problems getting one of my parcels delivered, so when I received the same email you had, I was almost convinced it was real. However, when I hihlighted it, I got this :
    Timmy sometimes wondered (only for a second) whether his people bothered him….No matter. There are things that cant be said. Lets shake it off. Lets dry ourselves, and take up the first thing that comes handy…. Timmy Durrants notebook of scientific observations. The eyes fix themselves upon the poker; the right hand takes the poker and lifts it; turns it slowly round, and then, very accurately, replaces it. The left hand, which lies on the knee, plays some stately but intermittent piece of march music. A deep breath is taken; but allowed to evaporate unused. The cat marches across the hearth-rug. No one observes her. Only half a sentence followed; but these half-sentences are like flags set on tops of buildings to the observer of external sights down below. What was the coast of Cornwall, with its violet scents, and mourning emblems, and tranquil piety, but a screen happening to hang straight behind as his mind marched up?

    which of course made me very suspicious.
    I’m glad I was able to find your article (: I can now be sure it’s not from DHL.

    Thank you very much !

    • PurpleCar 12 November 2010, 10:00 am

      LOL! Wouldn’t it be great if highlighting was always the easy way to test for

      Well, *ahem* as the text says. “No Matter” A good internet search always pays
      off and takes hardly any time at all! Thanks for sharing your lovely example of
      more bad writing. The cat marches on!


  • kmg 12 November 2010, 11:59 am

    I was looking info about this DHL e-mail because I got one as well and after reading your post, I went to check the white background of the e-mail I received and I found this:

    All divided that were bred so long at school together Began discourse of my not getting of children Came to bed to me, but all would not make me friends Feared I might meet with some people that might know me Had no mind to meddle with her Her impudent tricks and ways of getting money How little to be presumed of in our greatest undertakings Mind to have her bring it home My wife made great means to be friends, coming to my bedside Never to trust too much to any man in the world Not well, and so had no pleasure at all with my poor wife Not when we can, but when we list Now against her going into the country (lay together) Periwigg he lately made me cleansed of its nits Presse seamen, without which we cannot really raise men Shakespeares plays She had the cunning to cry a great while, and talk and blubber There eat and drank, and had my pleasure of her twice These Lords are hard to be trusted Things wear out of themselves and come fair again To my Lord Sandwich, thinking to have dined there Upon a very small occasion had a difference again broke out Very high and very foule words from her to me What wine you drinke, lett it bee at meales All the men were dead of the plague, and the ship cast ashore And with the great men in curing of their claps Expressly taking care that nobody might see this business done Having some experience, but greater conceit of it than is fit Helping to slip their calfes when there is occasion Her months upon her is gone to bed I had agreed with Jane Welsh, but she came not, which vexed me Lay long caressing my wife and talking Let her brew as she has baked New Netherlands to English rule, under the title of New York Reduced the Dutch settlement of New Netherlands to English rule Staid two hours with her kissing her, but nothing more Strange slavery that I stand in to beauty Thinks she is with child, but I neither believe nor desire it Up, my mind very light from my last nights accounts We do nothing in this office like people able to carry on a warr Would either conform, or be more wise, and not be catched!


    It doesn’t make any sense at all, what’s going on in here?

    • PurpleCar 12 November 2010, 12:13 pm

      I really wish I knew why spam emails have these long chunks of random text in it. As I said, it must be some sort of tracking device.

  • Bibi 12 November 2010, 9:06 pm

    I received this mail 3 days ago and I’m waiting a package. So I thought it was true. I call DHL of my town and the didn’t find anything.
    Now I know it’s a spam
    (my english is bad i speak french:))

    • PurpleCar 12 November 2010, 11:35 pm

      Your English is great! c’est bon, votre anglais. I do not speak any French!

      Good job! Toujours appel DHL! Always call DHL first. DHL français enverra
      l’email en français, ne anglais. I would think that DHL in France would email in
      French, not English.

      le texte est-il au fond de l’email ? Is there text at the bottom of the email?


      • Bibi 15 November 2010, 7:05 pm

        what I received

        From: DHL Logistics Services
        To: xxx@yahoo.com
        Sent: Wed, November 10, 2010 10:31:03 AM
        Subject: Track your shipment No719433

        This is a post notification.

        Your package has been returned to the DHL office.
        The reason of the return is – Error in the delivery address

        Attached to the letter mailing label contains the details of the package delivery.
        You have to print mailing label, and come in the SDF office in order to receive the packages.

        Thank you for your attention.
        DHL Global Mail.

  • Robertkatkins 13 November 2010, 11:17 am

    This is Spam! Attachments Track your parcel S.NR68236

  • jake 13 November 2010, 5:21 pm

    Most of the hidden text I’ve seen are paragraphs from fiction novels, or odder, spliced sentences from diverse works. The purpose, as your update says, is to fool spam filters. Seems an easy fix though, just need a rule to bump the spam points up if large amounts of text are coloured similar to the background.

    • jake 13 November 2010, 5:26 pm

      In your case, it’s “The Glory of the Trenches”, by Coningsby Dawson. I assume spammers are abusing the efforts of those publishing online books in public domain.


  • Comehithermozzarella69 17 November 2010, 8:33 am

    gr8 advice, not everyone is computer literate so it would be easy not to think the worst. Y do these ppl do these kinda things? whats wrong with them and what do they get out of it? Karma has a funny way of cming back and biting you on the A so lets hpe they get whats coming to them soon

  • mike s 22 November 2010, 6:14 pm

    The DHL malware attack has been around for years, unfortunately…

    Here’s what to do if you get a spam or malware-laden msg and want to track down the real sender:

    –Submit it via e-mail to http://www.spamcop.net/

    –The reply will contain the real sender(s) and extract any URLs referenced. If abuse addresses at those domains are known, they will also be provided.

    –You can use SpamCop’s interface to send abuse reports, but it redacts some of the info — and many recipients refuse munged SpamCop reports. I send a brief “This msg violates your terms-of-service” note prepended to the full message (including headers).

    I only bother w/ SpamCop for msgs that don’t get trapped by my spam filter. If the spammers/botnet owners waste my time, they have won! 🙂

    Also, training your spam filter on a msg w/ text blocks will cause future msgs containing those blocks to be be trashed in the future! Spammers are lazy — it’s not like every book ever written has been excerpted…

  • PurpleCar 22 November 2010, 6:18 pm

    Mike, I think the suggestion for the spam filter was to put in some code that detected text color, and if text color matched or was close to background color, then the code would dump the email into the spam pile.

    I’m digging the spamcop http://www.spamcop.net/ . gonna check that out. I love people who appreciate full headers.

  • Billegoat 2 February 2011, 9:39 pm

    Interestingly the text is from The Glory of the Trenches by Coningsby Dawson

  • Andreas 7 March 2011, 2:18 am

    I get one every day now and I had the attachment scanned for virus.. All ok says my virus software. Still, I didn’t open as I had a very bad feeling about it.
    Just wondering here, why doesn’t a huge and powerful company like DHL hunt the bastards that are behind this down? I know it’s difficult, but it’s not impossible.

  • GAthompson 5 April 2011, 4:34 pm

    Some emails are also prproting to come from UPS too.

    • PurpleCar 6 April 2011, 6:19 am

      Yes, there are a lot of emails lately from UPS, USPS, and FedEx. Not one of them
      is a legit email. The general rule is to be very suspicious of any emails that
      seem to come from any postal business. The USPS leaves notes at your delivery
      address. The UPS and Fedex services have the delivery point’s phone number and
      they will use that, after they leave notes at the delivery point. At no time in
      their process do they send unsolicited emails. Businesses using the services of
      UPS or FedEx or even the US Postal Service will send delivery notification
      emails but those notification emails require no participation from the receiver.
      They are simply notifications to let you know an item is shipped.

      This delivery scam is a modern version of the a very old one. We just need to
      warn people to be careful. Thanks for adding to the knowledge base, GA.

      -Christine Cavalier


      • elprofe_64 30 May 2011, 3:03 pm

        Very complete and useful advice, thanks!

    • elprofe_64 30 May 2011, 3:02 pm

      I’ve been getting the DHL ones and just started getting similar virus emails suposedly from FEDEX too.

      • PurpleCar 30 May 2011, 8:14 pm

        I can’t believe how common they are getting. Who doesn’t love packages and “real” mail, though? It’s a perfect scam situation. 

        But definitely spread the word about a google or other engine search. Always search. It doesn’t take much time and may save you plenty.

        thanks for coming, Elprofe_64

  • Carguy 20 June 2011, 12:34 pm

    OK I fell for it, BUT I have a package enroute via DHL at this time that should be delivered today so I just assumed it was legit as I am expecting something from DHL. I did click on the attachment. NOW WHAT!

    • PurpleCar 20 June 2011, 10:04 pm

      Car guy,

      Alert your credit card companies and change any email address passwords or any passwords you may have used. 

      Update your virus software and run a check on your system. 

      Let me know how it goes. 


  • Jinikyut 3 August 2011, 9:07 pm

    hi im from Philippines,, i havent check my mail for like 2months because i made a new one,, then just this morning i thought of checking my old email and there i have it! the DHL spam letter,, at first i thought was it true? but then the email was june.2.2011 so then i told myself if it was true then  i should have the freakin package..lol i thought of opening the attachment but i have this serious habit of  googling the “topic” first before opening a suspicious email and whoallla! i found this page.. thank you for the info 🙂 now that dhl email is now pernantly deleted hahaha thanks to you 🙂

    • PurpleCar 4 August 2011, 8:01 am


      You are so welcome and it is my pleasure.

      Good for you on searching for the topic! Very, very smart! Always do the search before opening and teach that skill to at least one other person, and this will be a much safer world for us all. Thanks so much for letting me know. Sometimes we bloggers wonder if we’re doing any good or just shouting out into the darkness.

      -Christine Cavalier

  • Lorel 15 May 2012, 5:22 pm

    I start getting delivery notification spam every time I order something online. I’d sure like to know how come they know I ordered something.

    • PurpleCar 15 May 2012, 8:56 pm


      Figure out how to delete your browsing history and your cookies on all of your browsers. See if that helps.

  • Lee 6 June 2012, 8:06 pm

    I was waiting for a package and clicked on attach of DHL spam email 2012 on my iPhone, iPad and my pc.
    Nothing happened as far as I know.
    Do you think there is spyware or virus in those devices? What Should I do? Thanks!!

    • PurpleCar 7 June 2012, 9:41 am

      Hi Lee.

      You should have anti-virus software on your PC. If you do not, please buy some. I like Kaspersky.com, but Norton, Symantec, etc. will do. Don’t rely on free anti-virus software. Install and run it, and keep it up to date.
      Your iPad doesn’t have anti-virus software because the theory is that no viruses will get on it. You can’t really download things on an iPad unless it is from the iTunes store, and nothing in the iTunes store has virus on it.
      Your iPhone should be ok, too. It works the same way as the iPad does, in terms of virus threats.
      Also, clear out your browsing history and all of your cookies in your web browser.
      As long as you didn’t fill out any information or install any .exe’s after you clicked on the attachment, AND have anti-virus up-to-date and running, you should be OK.

  • FRANCY872 24 May 2015, 12:47 am

    I just received that same email some minutes ago…! looks like the hacker hasn’t taken a break afterall…. its just crazy because I actually was expecting to receive something…but then this email came a bit late coz I received my package three days ago…thanks for bringing this matter into our attention..now I know exactly what to do next time.

    • Christine Cavalier 25 May 2015, 5:46 pm

      You’re welcome – thanks for telling me the post was helpful and it’s still relevant. It’s a shame it’s still relevant! I always search on emails from major package deliverers, as UPS, DHL, et al, usually telephone customers. I only receive UPS email updates because I’ve expressly signed up for them, and those emails never ask for any action from me. This is the key thing: action from the recipient requested via email should always be a warning signal.

Next post:

Previous post: