Email users are being urged to watch out for a new wave of dangerous messages that could leave their most personal details in the hands of hackers. With Christmas just around the corner – and the Black Friday sales recently coming to a close – millions of us have been online shopping. With so much being ordered via the web, cyber thieves are now trying to cash in with messages that claim to be from well-known courier firms suggesting that they have a parcel that needs to be delivered.
One such message has recently caught the eye of the security team at Avanan who say they have spotted an email claiming to be from DHL. The email, which has been pushed out globally, suggests that the firm is struggling to deliver a parcel to the recipient of the message due to an issue with their address.
A link is then included which asks the user to fill in a form with the correct details. Despite the email featuring official branding and appearing to have come from the company, this message has nothing to do with DHL and is simply a way for cyber crooks to target unsuspecting users at a time of year when millions of parcels are out for delivery.
Explaining more, Avanan said: “In this attack, scammers are using brand impersonation. By showing a page that looks like it comes from a trusted brand, they’re hoping to trick end-users into clicking on a link. That link, however, is a classic credential harvesting link, looking to steal data and other information. “
Of course, like many scam emails, there are some tail tale signs that should make you think twice before believing it. Firstly, the message doesn’t contain a specific name, such as Mrs Smith, with it simply starting with the word “Hello”.
That should always sound alarm bells as it shows that this message is likely being pushed out to more than just you.
Then there’s the fact that there’s no mention of which region the DHL courier that is contacting you is from with the message simply saying “You have an undelivered package from DHL office.”
Again, this allows the scammers to send out this email to as many people as possible with little effort. It’s thought this latest campaign began in November and, as we head towards the festive period, it won’t be the last.
To help consumers avoid any issues ahead of Christmas Avanan has released some top tips for staying safe online including:
• If clicking on the harvesting link, inspect the URL
• Pay close attention to mistakes in the most recent email. “DHL Office” is not a real place—the closet think would be DHL Express ServicePoint
• Pay extra attention to emails from brands, especially around the holidays. • Check Point Research has found that two of the top five most impersonated brands ship goods (DHL, Amazon)
• Ensure that the package that has been ordered is actually shipping with DHL. The tracking number provided with the original order will show if the package is delivered with DHL and the true delivery status