DHL Quishing: Fake Package Slips in Mailbox – How to Protect Yourself
Scammers are dropping fake DHL notifications into mailboxes. The QR code leads to phishing pages that steal credit card data. The new scam hits Germany during the 2025 holiday season.
A new quishing wave is hitting Germany during the 2025 holiday season: scammers are dropping fake DHL delivery notices into mailboxes. The printed QR code leads to a convincingly authentic-looking phishing page that steals credit card data and personal information. The insidious part: physical notes appear much more trustworthy than emails or text messages.
Current Warning – December 2025
Over 5,000 Google searches in just four hours show the scale of this scam. Never scan QR codes from unexpected notes in your mailbox!
Video: @finanzstarter explains the DHL scam
How the DHL scam works
- 1Note in mailbox
A professionally designed note with DHL logo informs about an allegedly undeliverable package.
- 2Scan QR code
The QR code supposedly leads to scheduling an appointment or paying a small fee.
- 3Fake DHL page
The website looks deceptively similar to the real DHL site. Here, personal data is requested step by step.
- 4Data theft
Name, address, email, credit card data and even SMS one-time codes are stolen. Damages up to €2,400 have been reported.
Why this scam is so dangerous
📬 Physical trust
A real note in the mailbox seems more trustworthy than suspicious emails. Most people are cautious with digital messages, not mail.
🎄 Perfect timing
During the pre-Christmas period, most people expect multiple packages. Anyone expecting 3-5 deliveries will hardly be suspicious of a note.
🎨 Professional forgery
The notes are designed with DHL logo, professional layout and typical wording – barely distinguishable from real notifications.
💳 Multi-stage attack
The phishing page first asks for harmless data (name, address), then email, then credit card – gradual escalation.
How to protect yourself
Before scanning a QR code: check the URL with qrtrust.de – our AI detects phishing pages in real-time.
When in doubt, open the official DHL app or enter dhl.de manually in your browser. Never via QR codes!
Real DHL notifications contain a tracking number. Check it directly at dhl.de/sendungsverfolgung.
DHL never asks for sensitive data via a QR code on a note. For fees: these are collected at the door.
Already entered data? Here's what to do!
- 1.Block your credit card immediately (your bank's emergency line)
- 2.Inform your bank about the fraud
- 3.Change passwords of all affected accounts
- 4.File a police report
- 5.Report incident to DHL: phishing-dhl@dhl.com
QRTrust: Your protection against quishing
Whether DHL, charging stations or parking meters – QRTrust checks every QR code in real-time for phishing. Free, GDPR-compliant, developed in Germany.
Check QR code now →Sources
- CHIP: "Danger in the mailbox: Anyone who sees this note must be especially careful now" →
- t-online: "DHL scam: Fake pickup slips with QR code" →
- Watson: "DHL package: Warning about QR code in mailbox" →
- • Consumer Protection Center NRW
- • Police warnings December 2025
*About QRTrust: QRTrust is Germany's first QR code security platform, developed in Dortmund. With AI-powered real-time detection, QRTrust protects citizens and businesses from quishing attacks. 100% GDPR compliant, hosted in Germany.*