Cybercriminals are ramping up for the holiday season with the launch of a new phishing scam disguised as a parcel arrival notification from the international shipping company DHL.
Victims have reported receiving an email that appears to be a legitimate DHL shipping notification with a tracking number, various links, and an attachment containing details about an ‘Arrival Notification’.
While the sender appears to be ‘DHL Shipment AWB’, the email has been sent from a compromised address.
As soon as the user clicks on the link, they are directed to a fake login page that has been specifically set up to harvest user data such as usernames, passwords and other personally identifiable information.
In other variants of the scam, the link to the attachment is loaded with malware: as soon as the user downloads it onto their computer, their device is infected with malicious software that can be used to spy on their online activities or steal personal information.
(Image: Fake DHL shipping notification – Source: Mail Guard)
DHL provided advice to customers on what they should do if they suspect they’ve received a phishing email: “The DHL name has been used in a series of fraudulent email scams, commonly referred to as Phishing. These emails are not authorised by DHL – their authors are only using the DHL name in their message to grab the user’s attention and lend apparent legitimacy to the emails.
“Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to effect delivery, this email is fraudulent, the package does not exist, and the attachment may be a computer virus. Please do not open the attachment or click any links. This email and attachment do not originate from DHL.”
DHL is just one of a number of big brands that tend to get hit hard with phishing scams at this time of the year. Inboxes are flooded with delivery notifications from online retailers, and fraudsters are quick to take advantage of this flurry of online activity to launch mass phishing scams.
To reduce your chance of falling for a seasonal phishing scam, you should follow the guidelines below:
- Never click on links or download attachments from unknown sources.
- Always verify the security of a website: legitimate sites will always be secured using an ‘HTTPS’ certification.
- Pay close attention to the spelling of an email address; if there are any inconsistencies, delete the email immediately.
- Ignore and delete emails with poor grammar and spelling.
- Reputable companies will never ask you to supply personal information in an email.
- Use strong passwords to reduce the chance of devices being hacked.
- Install the latest anti-virus software on your device and ensure it is regularly updated.
Email phishing is on the increase and is becoming a major problem for organisations as it becomes more sophisticated and targeted. MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees to identify and respond appropriately to these threats. Contact us for further information on how we can help protect your business.