During the holiday season, one in four phishing emails spoofed DHL. Attackers attached malicious files linked to credential harvesting pages and included a dangerous Trojan virus.
Typically, Microsoft is at the top of the brands that attackers most frequently imitate. In the fourth quarter of 2021, it was only second. DHL accounted for 23% of all phishing emails, compared to 9% during the third quarter of 2021.
Starting in January 2022, Avanan, a Check Point company, observed a new wave of hackers spoofing DHL and attaching malicious files that link to credential harvesting pages and include a dangerous Trojan virus.
“The attachment itself contains no malicious payload; instead, it redirects the web browser to a compromised web page. This strategy often allows phishers to go undetected due to the newness of the compromised webpage and the reactive nature of traditional anti-phishing defenses,” the company said in a blog post.
In this attack, attackers are spoofing a delivery message from DHL. A victim receives a purported shipping document for an already-arrived shipment. Instead of going to that shipping document, a malicious file goes straight to a credential harvesting page. It also installs a Trojan virus, a malicious file that can take over the user’s computer.
“So, this attack would not only steal credentials–it could steal so much more, from critical data and information to stealing control of the computer itself to propagate more attacks on your network,” Avanan concluded.
Have you received a similar email? Dave Hatter, a cybersecurity expert at IntrustIT, says you should pay attention to:
1. Stop. Think. Did I actually order the item in question?
2. Look for misspellings and bad grammar in the email as red flags. As the scammers get better, this is less common.
3. Mouseover, BUT DO NOT CLICK on the links to see if they actually go to the website the email appears to have come from. If it's not VERY CLEAR that it does, DO NOT CLICK the link.
4. Be extra vigilant and skeptical.
5. If you're not sure, or you did order something, go "out-of-band."
6. Don't click any of the links or call any of the phone numbers (all easily spoofed).
7. Go to the website that purportedly sent the email by visiting it directly. For example, open a new browser window and go to www.amazon.com, www.target.com, www.walmart.com.
7. Login in to your account and use the legitimate site to check on any orders you might have.
8. The same would hold true if the email purportedly came from a shipping company like UPS or FedEx. Go "out-of-band" and visit their site directly to search for the shipping number.
More from CyberNews:
Subscribe to our newsletter