Went wild on Black Friday? Scammers are after you


You must be eager to get your goods if you went wild spending on Black Friday or Cyber Monday. But once you get an undelivered package notification from DHL, don’t freak out. Scammers are exploiting the holiday shopping feather to harvest credentials.

Shipping companies are amongst the most spoofed brands in the world. This trend only increases around the holidays.

Folks worldwide are concerned about the status of their holiday shopping, and they constantly check for updates from their carriers. Threat actors are well aware of this trend. This time, Avanan, a Check Point company, observed a new credential harvesting attack where scammers spoof an undelivered package notification from DHL.

They are sending out emails where they impersonate DHL. Scammers use the company's colors and branding to make it look like an email comes from a trusted brand and are hoping to trick end-users into clicking on a link that way. The link leads to a classical credential harvesting page, where you will be asked to submit your address and other necessary information if you want to get the package. However, that won't happen.

The email utilizes social engineering tactics, such as urgent language about the package being delivered today, to get the user to act.

Fake DHL email

According to Check Point Research, DHL is the third most impersonated brand. It delivers packages from around the globe, and, with folks broadening their purchasing horizons this holiday season, a DHL package is more likely, making the spoof more believable.

However, you should stay alert not only for notifications from DHL. Threat actors spoof and impersonate many popular brands. Attackers have been carrying a similar attack with the US Postal Service, notifying users of an undelivered package. Amazon is also amongst the most impersonated brands, as many people are stocking from Amazon to avoid the hassle of last-minute shopping before the holidays.

Even if the email body doesn't contain a link, it might still be malicious. Some scammers have switched to low-tech scams to bypass security filters. They are now flooding inboxes with fake high-dollar invoices from Apple, Amazon, and Norton to trick you into calling a given number. Once you do, a scammer will pretend to be an Apple employee and use social engineering to extort as much personal information from you as possible.

In order to guard against these attacks, users can do the following:

  1. If clicking on the harvesting link, inspect the URL
  2. Pay close attention to mistakes in the email. “DHL Office” is not a real place—the closet think would be DHL Express ServicePoint
  3. Pay extra attention to emails from brands, especially around the holidays. Check Point Research has found that two of the top five most impersonated brands ship goods (DHL, Amazon)
  4. Ensure that the package that has been ordered is actually shipping with DHL. The tracking number provided with the original order will show if the package is delivered with DHL and its real delivery status
  5. Utilize an email security solution that relies on multiple factors to identify phishing emails.

More from CyberNews:

70 countries have restricted social media in the last six years

Here’s why ransomware gangs are now rebranding themselves as ‘white hat’

Hackers could use OneDrive permissions to read company documents

Got a job without an interview? It’s probably a scam

IKEA hit by ongoing email cyberattack campaign

Subscribe to our newsletter