Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319


These phishing scams impersonate popular shipping companies

Image Description

Security researchers at Armorblox have discovered two new phishing campaigns which impersonate popular shipping companies in an effort to harvest victim's corporate email credentials.

In the first campaign, the attackers impersonated FedEx by sending out emails with the subject line “You have a new FedEx sent to you”. These emails contain some information about the document in order to make it appear more legitimate along with links to view it.

Clicking on the link inside the email takes victims to a file hosted on Quip which is an additive tool for Salesforce that provides documents, spreadsheets, slides and chat services. However, as the service has a free version, it was likely what the attackers behind the campaign used to host their landing page.

Once a user clicks on the link on the landing page hosted on Quip, it takes them to the final phishing page that resembles the Microsoft login portal and here the attackers are able to harvest user's email credentials. It's worth noting that this final page is hosted on Google Firebase in an effort to fool people as well as email security technologies into thinking the link is legitimate.

DHL Express phishing attack

In the second phishing campaign observed by the Armorblox threat research team, cybercriminals used an email impersonating DHL Express to once again trick users into giving up their credentials.

This email, with the subject line “Your parcel has arrived”, includes the victim's email address at the end of the title and explains that their parcel arrived at their local post office but couldn't be delivered due to incorrect delivery details. It also has shipping documents attached to it that victims will need to check if they want to receive their delivery.

While labeled as a Microsoft Office document, the email attachment is actually an HTML file that previews a spreadsheet when opened. However, the preview is layered over with a login request box that impersonates Adobe. While it could be possible that the attackers were trying to phish for Adobe credentials, it's more likely that they were trying to get victims' work email credentials instead.

To prevent falling victim to these and other similar phishing campaigns, Armorblox recommends that organizations augment their native email security with additional controls, watch out for social engineering cues and use two-factor authentication as well as a password manager.


24 Feb 2021



Other Blog

  • Stripe acquires TaxJar to help online businesses with tax compliance

    TaxJar offers expertise in processing sales taxes across geographical boundaries.

    Read More
  • How to supercharge your business with the Intel vPro Platform

    The Intel vPro Platform is built for business - here’s why it could be the ideal workplace companion for all your workers.

    Read More
  • Australia's controversial media code that targets Google and Facebook is now law

    Google and Facebook will now be required to pay Australian news organizations for linking to and sharing their content.

    Read More
  • Move over Intel, the new Razer Blade 14 is finally powered by AMD Ryzen

    The new Razer Blade 14 isn't just thin and light, but it also packs the most powerful laptop hardware on the market today.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us