Australian technology news, reviews, and guides to help you

DHL delivery SMS scam aims to convince, how to tell

Even with Telstra’s Cleaner Pipes doing some of the heavy lifting, SMS scams are getting through, and scammers are getting better. How can you decipher one at a moment’s notice?

It wouldn’t be a week without a scammer trying to pull at least one over us, and while we’ve seen a few scams this week, the number of SMS scams trying the same trick is becoming more than monotonous.

Messages in garbled English with too many spaces have largely become the name of the game, and something telcos are beginning to work out, though it’s not entirely perfect yet.

Telstra recently chimed in with information that its scam detection systems were using software used by other telcos around the world to work out which messages were being sent and cut back on the numbers, something its Cleaner Pipes program also helps with via machine learning, but it still isn’t enough.

You still need to be aware of the scams coming in, and do your part to not click and fall into a trap. And this week, you may want to be aware that the SMS scams appear to be getting more aggressive, as scammers move on from the obviously absurd websites for you to click on to ones that are a little more difficult to work out.

Such as this one, which popped up this weekend.

A DHL scam text... with surprisingly decent English.

Proper English and a link that reads as nearly legit make this scam harder to spot, but there are telltale signs that give away that this SMS delivery scam, like so many others, is just a ruse meant to trick. What are they?

The phone number doesn’t come from an official company

First things first: check the phone number you’ve had the message sent from.

While it’s normal for you to see a phone number attached to a text message, when companies send text messages, they’ll typically arrive with a company name or ID on the phone number.

Text messages like these will be sent using a digital service, and with these there are ways to fake the company name.

Services typically block big companies from being cloned or imitated, and scammers often spoof Australian phone numbers in the first place, but your first dead giveaway is that the number doesn’t show the delivery company “DHL” in the ID, so check that first.

We've blurred the phone number, but clearly this text isn't from a real DHL sender.

Next up is the website link, which looks a lot like it could be a DHL link because it says “DHL” in the address, but it isn’t, especially if you know how to read website addresses.

If you don’t know how, you might just assume the mere mentioning of the company’s name makes the address legitimate. That is absolutely not the case.

Website addresses are divided into sections, and typically look like this: subdomain dot domain-name dot suffix. It means when you visit www.pickr.com.au (the site writing this article), you’re visiting the “www” subdomain of this website “pickr” at an Australian version of dot com, “.com.au”.


In the scam link we’re looking at above, the first section is the subdomain “dhl-update-id1274” branching off the main domain “web” at an app suffix, “.app”. If this were a real DHL website, “dhl” would be the domain, likely “dhl.com”. That’s not the case.

Once you can read the website address, it’s pretty easy to see that even though this says “dhl” in the link, it’s not the real deal.
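The same reading of an address can be done in code. This is an added example, not something from the original article: it splits a link into subdomain, domain and suffix, then reports whether the brand name sits in the real domain or only elsewhere in the address. The suffix set is a small constructed stand-in for the full Public Suffix List, the scam link is rebuilt from the parts named above, and "dhl.com" as the official domain is the article's own guess.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix set covering only this article's examples.
# Real tooling should load the full Public Suffix List instead.
SUFFIXES = {"com", "app", "com.au"}

# Assumption taken from the article's "likely dhl.com".
OFFICIAL_DHL = {"dhl.com"}


def split_host(url):
    """Return (subdomain, domain, suffix) for the host in a URL or bare link."""
    if "://" not in url:  # links in an SMS often omit the scheme
        url = "https://" + url
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Try the longest candidate suffix first so "com.au" is matched as one suffix.
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[:i - 1]), labels[i - 1], ".".join(labels[i:])
    raise ValueError(f"no known suffix in host {host!r}")


def brand_verdict(url, brand="dhl", official=OFFICIAL_DHL):
    """Classify a link as 'official', 'lookalike' or 'unrelated' for a brand."""
    subdomain, domain, suffix = split_host(url)
    if f"{domain}.{suffix}" in official:
        return "official"
    # The brand appears in the address, but not as the registered domain.
    if brand in subdomain or brand in domain:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://dhl-update-id1274.web.app/",  # rebuilt from the parts in the article
        "https://www.dhl.com/",                # assumed official address
        "www.pickr.com.au",                    # the article's own example
    ]
    for link in samples:
        print(link, split_host(link), brand_verdict(link))
```
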

The website is just a phishing site asking for credit card details

If you unfortunately end up clicking, the link will change to something else entirely, redirecting you somewhere different. And that redirection will take you to a phishing site designed to look like a real DHL site, but isn’t.

Half of the things don’t work here, with the menu items not doing anything and the main crux of the scam revolving around you entering credit card information to pay for the delivery of your so-called item.

The scam takes you to a phishing website designed to trick you into thinking it's the real deal. It's not.

We probably don’t need to tell you that this is clearly not for a real delivery — you don’t pay extra to have your product delivered, that’s not how deliveries work — but the scam is an example of phishing, where the look of the scam aims to convince you, even if it’s not real.

Don’t be fooled. Check the website link at the top of your screen, and if it doesn’t look real — if the domain isn’t coming from the company in question — it’s very likely very fake. Close it down ASAP.

Click the link and the URL will change. This isn't DHL, and you only need to check the address to see it.

Scams like this will keep coming

The problem with these scams is that they’ll keep on coming, because all they need to do is work once and a scammer makes some money back.

As you can see from the screenshots we’ve captured, aspects of this scam are convincing. This isn’t the garbled English and dodgy characters every other scam comes up with, nor is it an obvious voicemail message you didn’t actually receive.

Aspects of this SMS scam do appear real, but if you know what to look for, you at least know how to not get fooled, and hopefully won’t again.

Scams are almost always after your money. This one asks for your credit card details. Don't click, don't get fooled. Don't hand those over to scammers.