Fake DHL Shipment Confirmation Phishing Email
Criminals send fake DHL shipment confirmation emails — ostensibly for orders the recipient did not place — to trick them into clicking a 'cancel shipment' link that leads to a phishing or malware site. The panic of seeing an unfamiliar order confirmation lowers rational scrutiny.
Part of: Fake Order Confirmation Phishing Scams
Last reviewed: 7 June 2026
Order confirmation phishing emails exploit two competing instincts: the fear of being billed for something you did not order, and the urgency to cancel it quickly. When these emails carry DHL branding, they add the authority of a major logistics company to reinforce the legitimacy of the message.
The email claims a shipment has been dispatched on your behalf and provides a link to 'view order details' or 'cancel the shipment.' Because the recipient feels they must act immediately to prevent a fraudulent charge, they click without pausing to verify.
DHL does send genuine shipment confirmation emails when a sender has registered your email address for tracking updates. The key distinguishing factor is that the legitimate emails always include a real tracking number that resolves in the DHL system, and any actions are taken within the DHL app or at dhl.com — not through an unrelated link in the email.
How this scam works on the DHL brand
The phishing email reads: 'DHL Shipment Confirmation: Your order [#XXXXXXXX] has been dispatched. Expected delivery: [date]. To cancel or view details, click here: [link].' The link leads either to a credential-harvesting page asking for a DHL login, or directly to a malware download.
Some variants include a convincing invoice PDF attachment infected with malware, framing the attachment as the 'shipment documentation' for the fake order.
Real DHL shipment confirmation emails always contain a valid tracking number verifiable at dhl.com and direct the recipient to dhl.com for any shipment management — they do not link to external sites or ask for credentials through the email.
Common red flags
- Order confirmation for a shipment you did not arrange
- Tracking number in the email does not resolve at dhl.com
- 'Cancel shipment' link goes to a non-dhl.com domain
- Email asks for your DHL login to view shipment details via the link
- Attached PDF or Word document labelled as 'shipment invoice'
- Email address is not from @dhl.com
- Urgency: 'cancel within 24 hours to avoid charges'
How to protect yourself
- Enter the tracking number at dhl.com before clicking any link — if it returns no result, the email is fake
- If you believe you were billed fraudulently, contact your bank directly — not via any number in the email
- Never open attachments from unexpected DHL shipment confirmation emails
- Forward phishing emails to [email protected]
- If you entered credentials, change your DHL password immediately
How to report it
- Forward phishing emails to [email protected]
- Report malware to your national cybersecurity centre
- Report to Action Fraud (UK) at actionfraud.police.uk or the FTC (US) at reportfraud.ftc.gov
- Forward smishing texts to 7726
- If financial charges were made, contact your bank immediately
Frequently asked questions
I received a DHL shipment confirmation for an order I never placed. What should I do?
Check the tracking number at dhl.com directly. If it returns no result, the email is fake — do not click the cancel link. Report the email to [email protected] and to your national fraud reporting body.
Can just opening the email cause harm?
Opening a plain email is generally low risk. Clicking links or opening attachments is where harm occurs. Never open attachments in unexpected shipment emails.