At MailGuard, we are constantly intercepting and blocking new phishing emails that impersonate global shipping companies. Typically, scammers will claim that the recipient has an unpaid shipping fee or needs to pay for the item to be re-delivered, while masquerading as globally recognised companies, like DHL, Australia Post, or as in today’s case, Aramex.
The email lands in inboxes with the subject “Aramex: Message Important”, and the sender name shows “Courier-Services”. The email actually comes from the address “support(at)aramexau(dot)Freshdesk(dot)com”, which, although it mentions Aramex, is not associated with the company and is actually either a compromised Freshdesk account or one that has been newly registered for phishing purposes.
The body of the email uses Aramex branding and generic language (e.g., “Dear Customer”), which is one of the most common tell-tale signs in a phishing scam. The recipient is warned that “because customs duties (1.71 AUD) were not paid”, their parcel could not be delivered. They’re then provided with information about the package, and directed to click a link that appears as though it will take the recipient to an Aramex tracking page.
Here's what the email looks like:
After clicking the link, the user is taken to a sophisticated phishing site that has been designed to mimic the authentic Aramex tracking page. Even looking at the URL, Aramex is mentioned twice, which could make it difficult for some customers to discern if this is a genuine website.
The user is asked to enter their payment information to pay off the $1.71 shipping fee, including:
- First name
- Last name
- Card number
- Expiry date
- CVV
If these details are entered, they will be harvested by the attacker for later use.
After being shown a loading sign which states the website is “checking your information”, the victim is then asked to confirm the payment by entering the one-time passcode that’s sent to their mobile.
OTP pages are commonly used to verify payments when making genuine purchases online, so it may not stand out to an unsuspecting victim, especially when it’s as well-crafted as this one. However, the scammer is using this page to trick the victim into entering their OTP code, which they can then use to complete a fraudulent transaction or confirm that the stolen credit card information is valid and active.
Aramex offers the following advice to their customers:
- Aramex will never contact you to ask for personal or financial info, including credit card details and passwords.
- Do not click on any links in emails or SMS that request payment from Aramex.
- Never give your credit card details over the phone to anyone claiming to be from Aramex.
- Do not click on an email link to print off a label to redeem your package.
MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.
Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
