Smishing Alert Germany: Fake DHL, Hermes & DPD Package SMS Scams
Fake package delivery SMS is the #1 smishing vector in Germany. Victims face 700 EUR in charges from malware. How to identify and avoid package SMS scams.
Smishing Alert Germany: Fake DHL, Hermes & DPD Package SMS Scams
Your phone buzzes: "DHL: Your package could not be delivered. Please confirm your address: dhl-tracking-de.com." Stop. Don't click. That SMS isn't from DHL — it's a smishing attack that could cost you up to 700 euros in unauthorized charges.
Fake package delivery SMS messages are the #1 smishing vector in Germany. With millions of packages delivered daily, criminals exploit the high probability that you're actually expecting a delivery.
How Package Smishing Works
- The SMS arrives — looks like a DHL, Hermes, or DPD notification
- Urgency — "Deliver today" or "Package will be returned"
- The link — leads to a fake tracking page or malware download
- The trap — credential theft or malware installation
The Malware Variant
Installs malware on Android phones that sends premium SMS (up to 700 EUR), steals contacts, intercepts banking codes, and records your screen.
The Phishing Variant
Redirects to a fake page asking for name, address, and credit card details for a "redelivery fee."
Real vs. Fake: How to Tell
| Real Delivery SMS | Fake SMS |
|---|---|
| From "DHL" official sender name | From random phone number |
| Links to dhl.de | Links to dhl-tracking-xyz.com |
| Has your actual tracking number | Generic "your package" |
| No payment requests | Asks for fees or card details |
| No app installation | Prompts to install APK |
What to Do
If You Received the SMS
- Don't click the link — delete and block
If You Clicked
- Close the browser immediately
- If you installed an app: airplane mode, then factory reset
- If you entered payment info: contact bank immediately
- Report to Bundesnetzagentur
- File police report if financially damaged
Prevention
- Never click links in delivery SMS — always check tracking in official apps
- Install apps only from official stores
- Enable SMS spam filters
- Use LOCK.PUB to share tracking numbers safely via password-protected links
Always verify deliveries through official carrier apps. LOCK.PUB offers a safer way to share any sensitive information.
When in doubt about a delivery SMS, open the official carrier app. Never click links in SMS messages about packages.
Mots-clés
À lire aussi
Arnaque CPF : comment les escrocs volent vos droits a la formation
Decouvrez comment fonctionnent les arnaques au CPF. 15 millions d'euros de fraude, 9 arrestations en janvier 2025. Depuis 2022, le demarchage telephonique CPF est illegal.
Arnaque au faux conseiller bancaire : comment les escrocs volent votre argent par téléphone
Découvrez comment fonctionne l'arnaque au faux conseiller bancaire avec le spoofing téléphonique. 177 plaintes en 2025, hausse de 37 %. Perte moyenne : 29 000 EUR par victime.
Arnaque sentimentale France : 1/4 contacte par chatbots
Arnaque sentimentale France : 1/4 contacte par chatbots. Romance scams in France. 1 in 4 on dating apps approached by AI chatbots. AI-generated profiles standard. Platforms: Tin
Créez votre lien protégé par mot de passe maintenant
Créez gratuitement des liens protégés, des notes secrètes et des chats chiffrés.
Commencer Gratuitement