Yesterday I received the following spam (phishing) email:
From: DHL Logistics Services <firstname.lastname@example.org>
Sent: Mon, November 8, 2010 10:59:41 PM
Subject: DHL Tracking number N37234
Your package has been returned to the DHL office.
The reason of the return is – Incorrect delivery address of the package
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the SDF office in order to receive the packages.
Thank you for your attention.
DHL Global Services.
I closed the email without clicking on the attachment and forwarded it to email@example.com. That address didn’t work; it was a guess anyway. I would have to find a contact person at the DHL site. I searched Google for the DHL site. The abuse hotline or email address wasn’t readily apparent, so I went to the “Logistics” page and used their web-enabled contact form. I didn’t send the attachment but I copied in the entire abuse email with full headers. Here is DHL’s official response:
Thank you for contacting DHL.
Please be advised that if you received an email suggesting that DHL is attempting to deliver a package, requesting that you open the email attachment in order to effect delivery, this email is fraudulent, the attachment is a computer virus, and the package does not exist.
Please do not open the attachment. This virus does not originate from DHL.
Thank you for bringing this to our attention. I can assure that this is not the practice of DHL and we are taking precautions to stop this fraudulent activity. Please make a note that in future you may reach our Fraud Department directly at Fraud.firstname.lastname@example.org or by Fax: 773-409-5068.
Please use the following link to get more information:
We apologize for any inconvenience.
Digital Marketing DHL.com
Send any suspicious-looking emails that purport to come from DHL to Fraud.email@example.com. As Ms. D’souza said, DO NOT OPEN THE ATTACHMENT. Forward the email to Fraud.firstname.lastname@example.org and then delete it. Opening the email itself should be OK as long as your computer doesn’t run .exe attachments or open attachments automatically. It’s a good idea to click “cancel” or “no” if any .exe prompt comes up while you are checking email anyway. System updates and other such important stuff will try again. Virus stuff only gets a chance to run when you open up the attachments in email.
Thanks to Jennifer D’souza and DHL for the prompt and informative response.
Ya wanna know something weird? I just went in my email to copy the text of the spam email. Whilst I was highlighting the entire email, look at what popped up in the seemingly blank space below the email. It was “invisible” because it was in white type against a white background:
I crouched in my corner, cold and cramped, trying to visualise the terror of it.I asked myself whether I was afraid. Not of Death, I told myself. But of being afraid–yes, most horribly. At five oclock we halted at a junction, where a troop-train from the Front was already at a standstill. Tommies in steel helmets and muddied to the eyes were swarming out onto the tracks. They looked terrible men with their tanned cheeks and haggard eyes. I felt how impractical I was as I watched them–how ill-suited for campaigning. They were making the most of their respite from travelling. Some were building little fires between the ties to do their cooking–their utensils were bayonets and old tomato cans; others were collecting water from the exhaust of an engine and shaving. I had already tried to purchase food and had failed, so I copied their example and set about shaving.
OK so if I saw that, I would have definitely known it wasn’t from DHL. Does anyone know why this kind of spam is getting sent around? I’ve seen it before, and I’m not quite getting what the purpose is. Is some stark raving mad bad writer out to spam us all with his dreck? I just don’t get it. Please clue me in with a comment. Thanks.
UPDATE: My friends Zach Petersen and Rob Harrison pointed out the obvious to me as to why these blocks of text are in these messages. Spam filters are not sophisticated enough to see past the block of text. To the spam filter, the whole email seems OK because it looks like there are real, non-spammy messages in the body of the email. This is why, of course, the spammers make the text white, so you don’t see the poorly-typed-in-copied-text and immediately recognize it as spam.
The DHL spammers seem to employ this paste-in-text-and-make-it-undetectable method, so make sure to highlight the entire message if it seems to be coming from an official source. If there is odd text in it, you can be 100% certain it is spam and delete it.
Thanks, Zach and Rob for reminding me about how spam filters work. I dumbed out there for a second.
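The highlight-the-message check can also be done mechanically. The following is an added example, not part of the original post: it walks an HTML email body and measures how much of the text is drawn in the same colour as the background. The white default background, the colour spellings it recognises and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}

def canon(colour):  # normalise so the common spellings of white compare equal
    c = re.sub(r"\s+", "", colour or "").lower()
    return "#ffffff" if c in WHITE else c

class HiddenTextFinder(HTMLParser):
    """Splits body text into visible and hidden (text colour == background)."""
    def __init__(self, background="#ffffff"):    # assumption: client default is white
        super().__init__()
        self.background = canon(background)
        self.stack = [("", "#000000")]           # (tag, text colour inside that tag)
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "body" and a.get("bgcolor"):
            self.background = canon(a["bgcolor"])
        colour = self.stack[-1][1]               # inherit from the enclosing tag
        style = re.sub(r"\s+", "", a.get("style") or "").lower()
        m = re.search(r"(?<![-\w])color:([^;]+)", style)   # skips background-color
        if m or (tag == "font" and a.get("color")):
            colour = canon(m.group(1) if m else a["color"])
        self.stack.append((tag, colour))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:                          # tolerate unclosed tags such as <br>
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

    def handle_data(self, data):
        if data.strip():
            hidden = self.stack[-1][1] == self.background
            (self.hidden if hidden else self.visible).append(data.strip())

def hidden_ratio(html):
    # Returns (share of characters that are invisible, list of hidden strings).
    f = HiddenTextFinder()
    f.feed(html)
    hid, vis = sum(map(len, f.hidden)), sum(map(len, f.visible))
    return (hid / (hid + vis) if hid + vis else 0.0), f.hidden

# Constructed sample modelled on the message in this post.
SAMPLE = ('<html><body bgcolor="#FFFFFF"><p>Your package has been returned to the DHL office.</p>'
          '<font color="#ffffff">I crouched in my corner, cold and cramped, '
          'trying to visualise the terror of it.</font></body></html>')
```

On the sample, `hidden_ratio(SAMPLE)` reports that well over half of the characters in the body are invisible and returns the hidden passage, which is the same thing highlighting the message reveals by hand.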