PostNL and DHL Fake Delivery SMS: How to Spot Phishing in the Netherlands
Learn how to identify fake PostNL and DHL delivery notifications that install banking trojans. The most common phishing attack in the Netherlands explained.
PostNL and DHL Fake Delivery SMS: How to Spot Phishing in the Netherlands
Fake delivery notifications are the single most common phishing attack in the Netherlands. With Dutch consumers ordering millions of packages every year, a message about a "missed delivery" or "customs fee" catches people off guard. The attacks impersonate PostNL, DHL, UPS, GLS, and DPD, but PostNL and DHL fakes dominate because they handle the majority of Dutch deliveries.
These are not just annoying spam messages. Clicking the link can install banking trojans on your phone that silently intercept your banking app sessions, steal your credentials, and drain your accounts.
How Fake Delivery SMS Scams Work
The Basic Flow
- You receive an SMS that appears to come from PostNL or DHL: "Your package could not be delivered. Schedule a new delivery: [link]" or "Customs fee of EUR 1.95 required: [link]."
- You click the link and land on a page that looks exactly like PostNL or DHL's website.
- The page asks you to take action — pay a small fee, enter your address, or download an app to track your package.
- The damage happens — your payment details are stolen, or malware is installed on your phone.
What the Malware Does
The most dangerous fake delivery messages trick you into installing a malicious app (usually on Android). This app:
- Overlays fake login screens on top of your real banking app
- Intercepts SMS messages including authentication codes from your bank
- Reads your contacts and sends phishing SMS to everyone in your address book
- Captures screen content when you use financial apps
- Operates silently in the background without visible signs
How to Tell Real from Fake Delivery Notifications
PostNL
| Feature | Real PostNL | Fake PostNL |
|---|---|---|
| SMS sender | "PostNL" (via official short code) | Random phone number or spoofed "PostNL" |
| Link domain | postnl.nl or postnl.post | postnl-track.com, postnl-delivery.nl, etc. |
| Payment request | Never asks for payment via SMS link | "Pay EUR 1.95 customs fee" |
| App download | Only from App Store / Google Play | "Download our updated tracking app" |
| Track & Trace | 3SXXXX or similar format | Generic or missing tracking code |
DHL
| Feature | Real DHL | Fake DHL |
|---|---|---|
| SMS sender | "DHL" or official number | Random number or spoofed |
| Link domain | dhl.nl or dhl.com | dhl-track-nl.com, dhl-pakket.com, etc. |
| Customs communication | Official letter or email with reference | SMS demanding immediate payment |
| App | Only official DHL app from app stores | "Install DHL Express app" via link |
Universal Red Flags
- Unexpected timing — You are not expecting a delivery.
- Urgency — "Pay within 24 hours or package will be returned."
- Small payment requests — Scammers use small amounts (1-3 euros) because people are more likely to pay without thinking.
- Grammatical errors — Though fake messages are getting better, many still contain subtle errors.
- Generic greeting — "Dear customer" instead of your name.
What to Do When You Receive a Suspicious Delivery SMS
- Do not click the link. If you are expecting a package, open the PostNL or DHL app directly and check your tracking there.
- Check the sender number. Real PostNL messages come from a consistent sender. If it is a random mobile number, it is fake.
- Verify through the official app. PostNL, DHL, and other carriers have apps that show all your incoming deliveries. If there is no delivery in the app, the SMS is fake.
- Delete the message. Do not forward it or click anything.
- Report it. Forward suspicious SMS to the Fraudehelpdesk (forwarding instructions on their website) and report it to the carrier.
What to Do If You Already Clicked
If You Only Clicked the Link (No Payment or Install)
- Close the browser immediately.
- Clear your browser cache and cookies.
- Run a virus scan on your phone.
- Monitor your accounts for unusual activity.
If You Entered Payment Details
- Contact your bank immediately to block your card and dispute any charges.
- Change your online banking password.
- Monitor your accounts closely for the next several weeks.
If You Installed an App from the Link
This is the most serious scenario.
- Put your phone in airplane mode immediately to prevent data from being sent.
- Contact your bank from a different phone to block all accounts.
- Do not use your banking app on the compromised phone.
- Factory reset your phone. Uninstalling the app alone is not enough — trojans embed themselves deep in the system.
- Change all passwords (banking, email, social media) from a different, clean device.
- Report to the police at politie.nl.
- Warn your contacts — the malware may have already sent phishing SMS from your phone.
Protecting Your Delivery Information
When you share delivery addresses, tracking numbers, or access codes with others — whether a neighbour picking up your package or a delivery driver needing a gate code — sending these in plain text creates a permanent record.
LOCK.PUB lets you create password-protected links with automatic expiration. Share your pickup address or door code through a LOCK.PUB link that expires after delivery. No installation required, works in any browser.
This is practical for:
- Sharing your address with online sellers who ship directly
- Gate or door codes for delivery drivers
- Tracking numbers containing order details you want to keep private
Prevention Tips
- Install a spam filter — Most Dutch carriers and phone manufacturers offer SMS spam filtering.
- Keep your phone's OS updated — Security patches close the vulnerabilities that trojans exploit.
- Never install apps from links — Only use official app stores.
- Use the PostNL and DHL apps for tracking instead of relying on SMS notifications.
- Be especially cautious during peak seasons — Black Friday, Sinterklaas, and Christmas see massive increases in fake delivery SMS.
The Bottom Line
Fake delivery SMS is the phishing method most likely to catch Dutch residents off guard because it exploits an everyday activity — receiving packages. The defence is simple: never click links in delivery SMS messages. Always check your deliveries through the official app. And if you accidentally installed something from a suspicious link, act immediately — airplane mode, contact your bank, factory reset.
For sharing delivery-related information securely, LOCK.PUB offers free, password-protected links that expire automatically. Keep your address and access codes safe.
Share delivery details securely with LOCK.PUB — password-protected, self-expiring links.
Keywords
You might also like
Fake InPost SMS Scams: How to Spot Phishing Paczkomat Notifications in Poland
Fake InPost and Paczkomat SMS messages are the most common phishing attack in Poland. Learn how to identify fake delivery notifications and protect your money.
Allegro Scams: How to Shop Safely on Poland's Largest Marketplace
Protect yourself from Allegro phishing emails, fake sellers, and fake Allegro Protect pages. Learn how to verify legitimate Allegro communications and avoid marketplace fraud.
BLIK Fraud in Poland: How Scammers Steal Money Through Fake BLIK Codes
Learn how BLIK payment fraud works in Poland, from fake BLIK code requests to the 'friend in need' scam on Messenger. Complete security checklist to protect your money.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free