
A startling new report from Forcepoint X-Labs has shed light on a sophisticated DHL phishing campaign targeting users worldwide. By using familiar-brand impersonation and a fake OTP verification step, scammers are harvesting passwords, IP addresses, geolocation data, and device details from everyday users.

This scam works by avoiding the high-stakes “account compromised” messages that set our alarm bells ringing in 2026. Instead, it exploits the mundanity of confirming a shipping waybill to trick you.

While writing this article, I was expecting a package from DHL; I clicked on “confirm your waybill” without even thinking, only to realize what I’d done seconds later. The irony is palpable, but it proves how even tech-savvy users can get caught out now and then. Here’s everything you need to know about this latest DHL scam, including what to do if you get scammed.

This highly polished campaign uses security theater to make you feel safe, all while picking your pocket. The email looks identical to a real DHL Express notification. However, as noted by TechRadar, the first red flag is the sender’s domain. In this case, the emails originate from cupelva[.]com—a domain with zero connection to DHL. On a mobile device, this is easy to miss because the “Display Name” simply reads “DHL Express.” This is a classic example of how hackers use display name spoofing to bypass our initial skepticism.
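One way a mail filter could flag the display-name spoofing described above, as an added example that is not from the Forcepoint report or the original article. The allowlist of DHL sending domains, the local parts, and the lookalike domain are assumptions constructed for illustration.

```python
from email import message_from_string, policy

# Assumption: brand keyword -> domains that brand legitimately sends from.
# Build the real list from your own mail flow; these entries are illustrative.
BRAND_DOMAINS = {"dhl": {"dhl.com", "dhl.de"}}

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(raw_message):
    """Return (verdict, display_name, domain) for a raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return ("no-from", "", "")
    sender = header.addresses[0]
    # policy.default decodes RFC 2047 encoded-words in the display name,
    # so a base64-wrapped "DHL Express" is compared in its readable form.
    display, domain = sender.display_name or "", sender.domain.lower()
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_allowed(domain, allowed):
            return ("display-name-spoof", display, domain)
    return ("ok", display, domain)

def refang(text):
    """Turn the article's defanged 'cupelva[.]com' notation back into a domain."""
    return text.replace("[.]", ".")

# Constructed sample headers; only the cupelva domain comes from the article.
SPOOFED = refang('From: "DHL Express" <notify@cupelva[.]com>\nSubject: Waybill\n\n')
ENCODED = "From: =?UTF-8?B?REhMIEV4cHJlc3M=?= <notify@dhl.com.example.net>\n\n"
LEGIT = 'From: "DHL Express" <noreply@dhl.com>\n\n'

if __name__ == "__main__":
    for raw in (SPOOFED, ENCODED, LEGIT):
        print(check_from(raw))
```

The suffix check compares whole DNS labels, so a sender such as `dhl.com.example.net` is still flagged even though the brand's domain appears inside it.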

The most devious part of this scam happens after you click the link. Instead of taking you straight to a login page—which might make you suspicious—the hackers walk you through a series of “validation” steps:

These steps lower your guard. By the time you are asked for your email and password, you have already “verified” the transaction in your mind.

Use a reputable password manager. Because these tools tie each saved login to a specific domain, they will refuse to autofill your password on a fake site, even if the page looks exactly like DHL.

If you fall for this scam, the theft is instant. The hackers use a legitimate service called EmailJD to funnel your data directly to their inbox.

To stay safe online, you’ll need to know these key safety tips.

If you think you’ve already been targeted, check out our guide on what to do after falling victim to an online scam to secure your accounts before it’s too late.