AI-Hyper-Personalised DHL Delivery Phishing Scam
AI tools combine the target's name, home address, known e-commerce habits, and mobile number from data-breach sources to craft DHL delivery phishing messages that appear to reference a real, specific incoming parcel.
Part of: AI Hyper-Personalised Phishing Scams
Last reviewed: 8 June 2026
Generic DHL delivery scam texts are increasingly ignored by informed recipients. Criminals have responded by deploying AI to construct highly specific messages: using breach data that links phone numbers to home addresses, past orders from retailer breaches, and DHL account registration details, they can generate a text that accurately references the recipient's full name, home address, and a plausible order description.
A message that reads: Hi [real name], your [brand] order of [product category] to [your exact address] has been flagged for a customs query — pay £1.40 to release at [link], is far more likely to prompt action than a generic delivery alert. The specificity creates a false sense of confirmation that the text is from DHL.
DHL sends genuine proactive notifications only to customers who have registered shipment tracking alerts. All genuine payment requests are processed through the DHL account portal at dhl.com, not through a fee link in an unsolicited personalised text.
How this scam works on the DHL brand
The AI-personalised message arrives as SMS or WhatsApp. It references the recipient's first name, their street address, and a product category matching something recently purchased from an e-commerce site that suffered a data breach. A small customs or address-confirmation fee is requested via a link.
The link leads to a DHL-branded phishing page pre-populated with the victim's name and partial address, asking only for the missing detail and a card number. The pre-population makes the page feel like a genuine DHL portal with the recipient's account details already loaded.
Follow-up messages, sent one to three days later, reference a different tracking number for the same product category, adding the impression of a persistent, real delivery scenario requiring resolution.
Common red flags
- DHL text references your real name and address — this data comes from breach databases, not necessarily a real DHL delivery
- Message mentions a product category that matches a recent purchase — a data-correlation technique, not proof of a real parcel
- Fee link leads to a URL that is not dhl.com
- The phishing page is pre-filled with your personal details to appear like your DHL account
- Tracking number cannot be found at dhl.com
- A second follow-up SMS references a new tracking number for the same item days later
- Message arrives via WhatsApp or a consumer messaging platform rather than a DHL short-code
How to protect yourself
- Check DHL deliveries only by logging into your DHL account at dhl.com or through the official DHL app
- Treat any personalised delivery text with the same caution as a generic one — breach data makes personalisation easy for attackers
- If you receive a text that appears to know your purchase history, change the email and phone number on your shopping accounts
- Register for USPS Informed Delivery or equivalent DHL notification services so you know in advance what is genuinely arriving
- Report the message to [email protected] and forward the SMS to 7726
- Do not click any fee link from an unsolicited message regardless of how specific it appears
How to report it
- Forward the smishing text to 7726
- Email [email protected] with the message content and screenshot
- Report to the FTC at reportfraud.ftc.gov (US) or Action Fraud at actionfraud.police.uk (UK)
- In Australia, report to Scamwatch at scamwatch.gov.au
- File a report at ic3.gov if financial loss occurred
Frequently asked questions
How does an AI scam message know what I recently ordered?
E-commerce breaches regularly expose order data including product categories, shipping addresses, and phone numbers. AI tools merge these fields across multiple breaches to build personalised delivery lures. The attacker does not necessarily know the exact item — they know the product category from breach records.
Is a DHL text with my real address definitely from DHL?
No. Your home address is one of the easiest personal details for attackers to obtain. Knowing your address does not confirm a sender is DHL. Always verify delivery status at dhl.com directly.
Why do these attacks use small fees like £1.40 or $2.99?
Small amounts are designed to be paid without scrutiny. The real goal is capturing your card details, not collecting the nominal fee — those details enable much larger subsequent fraud. Once your card number is harvested, further charges or card-data sales follow.