These phishing scams impersonate popular shipping companies
Be on the lookout for emails claiming to come from FedEx and DHL Express
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Security researchers atArmorbloxhave discovered two newphishingcampaigns which impersonate popular shipping companies in an effort to harvest victim’s corporate email credentials.
In the first campaign, the attackers impersonated FedEx by sending out emails with the subject line “You have a new FedEx sent to you”. These emails contain some information about the document in order to make it appear more legitimate along with links to view it.
Clicking on the link inside the email takes victims to a file hosted onQuipwhich is an additive tool forSalesforcethat provides documents, spreadsheets, slides and chat services. However, as the service has a free version, it was likely what the attackers behind the campaign used to host their landing page.
Once a user clicks on the link on the landing page hosted on Quip, it takes them to the final phishing page that resembles theMicrosoftlogin portal and here the attackers are able to harvest user’s email credentials. It’s worth noting that this final page is hosted onGoogle Firebasein an effort to fool people as well as email security technologies into thinking the link is legitimate.
DHL Express phishing attack
In the second phishing campaign observed by the Armorblox threat research team, cybercriminals used an email impersonatingDHL Expressto once again trick users into giving up their credentials.
This email, with the subject line “Your parcel has arrived”, includes the victim’s email address at the end of the title and explains that their parcel arrived at their local post office but couldn’t be delivered due to incorrect delivery details. It also has shipping documents attached to it that victims will need to check if they want to receive their delivery.
While labeled as aMicrosoft Officedocument, the email attachment is actually an HTML file that previews a spreadsheet when opened. However, the preview is layered over with a login request box that impersonatesAdobe. While it could be possible that the attackers were trying to phish forAdobecredentials, it’s more likely that they were trying to get victims' work email credentials instead.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To prevent falling victim to these and other similar phishing campaigns, Armorblox recommends that organizations augment their native email security with additional controls, watch out for social engineering cues and usetwo-factor authenticationas well as apassword manager.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace
