

These phishing scams impersonate popular shipping companies


Security researchers at Armorblox have discovered two new phishing campaigns that impersonate popular shipping companies in an effort to harvest victims' corporate email credentials.

In the first campaign, the attackers impersonated FedEx by sending out emails with the subject line “You have a new FedEx sent to you”. These emails include some information about the document to make them appear more legitimate, along with links to view it.

Clicking on the link inside the email takes victims to a file hosted on Quip, an add-on tool for Salesforce that provides documents, spreadsheets, slides and chat services. As the service has a free version, that is likely what the attackers behind the campaign used to host their landing page.

Once a user clicks on the link on the landing page hosted on Quip, they are taken to the final phishing page, which resembles the Microsoft login portal; here the attackers are able to harvest users' email credentials. It's worth noting that this final page is hosted on Google Firebase in an effort to fool people as well as email security technologies into thinking the link is legitimate.

DHL Express phishing attack

In the second phishing campaign observed by the Armorblox threat research team, cybercriminals used an email impersonating DHL Express to once again trick users into giving up their credentials.

This email, with the subject line “Your parcel has arrived”, includes the victim's email address at the end of the title and explains that their parcel arrived at their local post office but couldn't be delivered due to incorrect delivery details. It also has shipping documents attached to it that victims will need to check if they want to receive their delivery.

While labeled as a Microsoft Office document, the email attachment is actually an HTML file that previews a spreadsheet when opened. However, the preview is layered over with a login request box that impersonates Adobe. While it could be possible that the attackers were trying to phish for Adobe credentials, it's more likely that they were trying to get victims' work email credentials instead.
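The mismatch described above (an attachment presented as an Office document whose content is actually HTML with a login form) can be checked at the mail gateway. The following is an added example, not code from Armorblox or the original article; the function names, the sample message and the assumption that "labeled as Office" means an Office file extension or MIME type are all illustrative.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumption: "labeled as Office" means an Office extension or declared MIME type.
OFFICE_EXTS = (".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx")
OFFICE_TYPES = ("application/vnd.ms-", "application/vnd.openxmlformats-", "application/msword")
OFFICE_MAGIC = (b"PK\x03\x04", b"\xd0\xcf\x11\xe0")  # OOXML (zip) and legacy OLE2 headers

class PasswordFieldFinder(HTMLParser):
    """Flags markup that contains an <input type="password"> element."""
    has_password = False
    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password = True

def inspect_attachments(raw_bytes):
    """Return one finding per attachment that claims to be Office but is HTML."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        claims_office = (any(ext in name for ext in OFFICE_EXTS)
                         or part.get_content_type().startswith(OFFICE_TYPES))
        data = part.get_payload(decode=True) or b""
        head = data[:1024].lower()
        is_html = (not data.startswith(OFFICE_MAGIC)
                   and any(t in head for t in (b"<html", b"<!doctype html", b"<form")))
        if not (claims_office and is_html):
            continue
        finder = PasswordFieldFinder()
        finder.feed(data.decode("utf-8", "replace"))
        findings.append({"filename": part.get_filename(),
                         "declared_type": part.get_content_type(),
                         "password_form": finder.has_password})
    return findings

def build_sample():
    """Constructed test message: one disguised HTML file, one genuine-looking xlsx."""
    m = EmailMessage()
    m["Subject"] = "Your parcel has arrived"
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m.set_content("Shipping documents attached.")
    html = (b"<html><body><table><tr><td>A1</td></tr></table>"
            b"<form><input type='password' name='p'></form></body></html>")
    m.add_attachment(html, maintype="application", subtype="vnd.ms-excel",
                     filename="shipping_documents.xls")
    m.add_attachment(b"PK\x03\x04" + b"\x00" * 20, maintype="application",
                     subtype="octet-stream", filename="real.xlsx")
    return m.as_bytes()
```

A finding with `password_form` set is a strong signal for quarantine, since a genuine spreadsheet has no reason to contain a credential prompt.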

To prevent falling victim to these and other similar phishing campaigns, Armorblox recommends that organizations augment their native email security with additional controls, watch out for social engineering cues and use two-factor authentication as well as a password manager.


24 Feb 2021


