These phishing scams impersonate popular shipping companies

Security researchers at Armorblox have discovered two new phishing campaigns that impersonate popular shipping companies in an effort to harvest victims' corporate email credentials.

In the first campaign, the attackers impersonated FedEx by sending out emails with the subject line “You have a new FedEx sent to you”. To appear more legitimate, these emails contain some information about the document, along with links to view it.

Clicking the link inside the email takes victims to a file hosted on Quip, an add-on tool for Salesforce that provides documents, spreadsheets, slides and chat services. Because the service has a free version, that is likely what the attackers behind the campaign used to host their landing page.

Once a user clicks the link on the landing page hosted on Quip, they are taken to the final phishing page, which resembles the Microsoft login portal; this is where the attackers harvest the user's email credentials. It's worth noting that this final page is hosted on Google Firebase in an effort to fool people, as well as email security technologies, into thinking the link is legitimate.

DHL Express phishing attack

In the second phishing campaign observed by the Armorblox threat research team, cybercriminals used an email impersonating DHL Express to once again trick users into giving up their credentials.

This email, with the subject line “Your parcel has arrived”, includes the victim's email address at the end of the title and explains that their parcel arrived at their local post office but couldn't be delivered due to incorrect delivery details. It also has shipping documents attached to it that victims will need to check if they want to receive their delivery.

While labeled as a Microsoft Office document, the email attachment is actually an HTML file that previews a spreadsheet when opened. However, the preview is layered over with a login request box that impersonates Adobe. While it could be possible that the attackers were trying to phish for Adobe credentials, it's more likely that they were trying to get victims' work email credentials instead.
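A mail-triage check for the mismatch described above, as an added example that is not from Armorblox or the original article: it flags attachments whose name or MIME type claims a Microsoft Office file while the bytes are HTML, and records whether that HTML carries a password field. The function name, extension list, magic-byte check and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumed heuristics for this sketch: an Office extension anywhere in the file name
# or an Office MIME type counts as "claims to be an Office document".
OFFICE_EXT = re.compile(r"\.(docx?|xlsx?|pptx?)(\.|$)", re.I)
OFFICE_MIME = ("msword", "ms-excel", "ms-powerpoint", "officedocument")
OFFICE_MAGIC = (b"PK\x03\x04", b"\xd0\xcf\x11\xe0")  # OOXML (zip) and legacy OLE2 headers
HTML_MARK = re.compile(rb"<\s*(!doctype\s+html|html|body|form)\b", re.I)
PASSWORD_INPUT = re.compile(rb"<\s*input\b[^>]*type\s*=\s*[\"']?password", re.I)

def flag_fake_office_attachments(raw: str) -> list:
    """Return attachments that claim to be Office files but are really HTML."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue  # containers and body parts carry no attachment name
        data = part.get_payload(decode=True) or b""
        claims_office = bool(OFFICE_EXT.search(name)) or any(
            hint in part.get_content_type() for hint in OFFICE_MIME)
        is_html = not data.startswith(OFFICE_MAGIC) and bool(HTML_MARK.search(data[:4096]))
        if claims_office and is_html:
            findings.append({"filename": name,
                             "login_form": bool(PASSWORD_INPUT.search(data))})
    return findings

# Constructed sample: one HTML file posing as a spreadsheet, one real (truncated) .xlsx.
SAMPLE = """\
From: "Courier" <notify@example.test>
Subject: Your parcel has arrived user@example.test
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/vnd.ms-excel
Content-Disposition: attachment; filename="shipping.xls.html"

<html><body><table><tr><td>Tracking</td></tr></table>
<form><input type="email"><input type="password"></form></body></html>
--b1
Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Content-Disposition: attachment; filename="rates.xlsx"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

if __name__ == "__main__":
    print(flag_fake_office_attachments(SAMPLE))
```

Only the disguised HTML file is reported; the genuine spreadsheet passes because its bytes start with the zip header that real `.xlsx` files carry.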

To prevent falling victim to these and other similar phishing campaigns, Armorblox recommends that organizations augment their native email security with additional controls, watch out for social engineering cues and use two-factor authentication as well as a password manager.

Date: 24 Feb 2021
