Fake DHL Order-Confirmation Phishing Email Scam
Scammers send fake DHL shipment-confirmation emails claiming a large or unfamiliar order has been dispatched using the recipient's account, including a link to cancel the shipment that leads to a credential-harvesting page. DHL never sends order-confirmation emails on behalf of retailers, and its shipping labels are created by senders, not recipients.
Part of: Fake Order Confirmation Phishing Scams
Last reviewed: 8 June 2026
Fake order-confirmation emails are among the highest-volume phishing campaigns globally. When DHL's brand is applied to the pretence, recipients assume a package has been sent using their account without authorisation, creating a strong urge to click the provided cancellation link immediately.
The email claims an expensive item — often electronics or high-value goods — has been dispatched to an unfamiliar address using the recipient's DHL account. A prominent 'Cancel Shipment' button links to a fake DHL login page that harvests account credentials.
DHL's shipping accounts are set up by businesses and individuals who have registered at dhl.com. Consumer-facing tracking notifications go from the sender's account to the recipient — the recipient does not have a DHL account used to create shipments. Most consumers never create DHL shipments, meaning this email is fundamentally implausible, but the fear of fraud overrides that logic for many recipients.
How this scam works on the DHL brand
The email reads: 'DHL Express Shipment Confirmation: A shipment has been created on your DHL account for delivery of [item description] to [unfamiliar address]. Estimated value: $499. If you did not authorise this, cancel here: [link].' The link leads to a spoofed DHL account-login page.
After entering credentials, the victim is shown an 'order cancelled' confirmation. Meanwhile, the scammer uses the harvested credentials to log in to any account where the same password is used, or sells the credentials on dark-web marketplaces.
More sophisticated campaigns also include a fake DHL AWB (air waybill) number in the email, accessible via a secondary link that leads to a fake tracking page confirming the fraudulent order — adding another layer of apparent legitimacy.
Common red flags
- Email claiming a DHL shipment was created on your account for an item you did not send
- Cancel link leads to a domain other than dhl.com
- High-value item described to increase urgency and fear of financial loss
- Unfamiliar delivery address included to imply your account was compromised
- Email sender is not @dhl.com
- AWB or tracking number in the email cannot be verified at dhl.com
- DHL branding has slight inconsistencies — wrong font weight, incorrect yellow tone
How to protect yourself
- Log in directly to dhl.com to check your account for any genuine shipments — do not use the email link
- If you do not have a DHL account, the email is certainly fraudulent
- Never enter DHL credentials via a link from an unsolicited email
- Change your DHL account password if you believe credentials were entered on a fake page
- Enable two-factor authentication on your DHL account
- Report the phishing email to [email protected]
- Report to the FTC at reportfraud.ftc.gov or Action Fraud at actionfraud.police.uk
How to report it
- Forward the phishing email to [email protected]
- Report to the FTC at reportfraud.ftc.gov (US)
- Report to Action Fraud at actionfraud.police.uk (UK)
- Report to your national cybersecurity authority
- If credentials were entered, change passwords on all accounts using the same login
Frequently asked questions
Can someone else create a DHL shipment using my account?
If your DHL account credentials are compromised, a fraudster could use them to create a shipment. However, most consumers do not have DHL shipping accounts at all — they only receive parcels. If you do not have a DHL account, any email claiming one was used on your behalf is fabricated.
How do I check if my DHL account has been accessed without my knowledge?
Log in at dhl.com directly and check your shipment history. If you see shipments you did not create, change your password immediately, enable 2FA, and contact DHL customer service.
Why do fake order-confirmation emails use high-value items?
High-value items like electronics or jewellery trigger a stronger fear response — the sense that significant money is at stake motivates faster, less scrutinised action. Scammers rely on this to prevent recipients from pausing to check whether the claim is plausible.