Fake DHL Account Security Takeover Phishing
Scammers send emails impersonating DHL's security team, claiming the recipient's DHL account has been flagged for unusual activity and their login must be verified. The phishing page steals DHL account credentials that criminals then use to reroute expected deliveries or harvest saved personal data.
Part of: Account Takeover Scams
Last reviewed: 7 June 2026
DHL account holders who manage regular shipments store valuable information in their profiles: saved delivery addresses, payment methods, business shipping agreements, and import history. A compromised DHL account enables criminals to redirect parcels in transit, access billing data, and use the account for fraudulent shipments.
To capture these credentials, scammers send emails mimicking DHL's customer-facing communications, claiming that 'unusual login activity' or an 'account security review' requires the account holder to verify their credentials immediately.
The real DHL security team communicates account issues through your registered email, and any security prompts direct you to sign in at dhl.com — not to a separate page linked from an email body. DHL also supports two-factor authentication on its business and consumer accounts, which significantly raises the barrier for account takeover.
How this scam works on the DHL brand
The phishing email carries DHL's colours, logo, and formatting and reads: 'We have detected unusual access to your DHL account. Please verify your credentials within 24 hours to prevent suspension: [link].' The link opens a fake dhl.com login page that captures email address and password.
With those credentials, the attacker logs in to the real DHL account, changes contact details, potentially redirects any in-flight shipments to a new address, and harvests saved payment methods.
Business shipping account holders are particularly valuable targets because their accounts contain negotiated rate cards, bulk shipment histories, and sometimes API keys connected to e-commerce platforms.
Common red flags
- Unsolicited email about 'unusual DHL account activity' with a verify-now link
- Link does not go to dhl.com
- Email asks for your DHL password directly
- No corresponding security notification when you log in to dhl.com directly
- Email comes from a domain other than dhl.com
- Urgency: 'account will be suspended in 24 hours'
- Email uses generic greeting 'Dear Customer' rather than your name
How to protect yourself
- Log in to your DHL account by typing dhl.com directly into your browser — never via an email link
- Enable two-factor authentication on your DHL account
- Change your DHL password if you have any reason to believe credentials were exposed
- Review your saved shipments and redirect settings to confirm nothing was changed
- Report the phishing email to [email protected]
How to report it
- Forward phishing emails to [email protected]
- Forward smishing texts to 7726
- Report to Action Fraud (UK) or the FTC (US)
- If your account was accessed, contact DHL customer support immediately
- Report the phishing page to your national cybersecurity centre
Frequently asked questions
What can a criminal do with my DHL account?
A stolen DHL account can be used to redirect in-transit shipments, access saved payment methods, harvest personal addresses, and commit shipping fraud on business accounts.
Does DHL email me about security alerts?
DHL may send security notifications to your registered email, but they will direct you to sign in at dhl.com — not to a link in the email. If in doubt, type dhl.com directly and check your account.