With online shopping on the rise, it’s common for parcel tracking notifications to appear in inboxes – a trend cybercriminals continue to exploit in their bid to trick users.
MailGuard intercepted a malicious email that appears to be from DHL, but actually comes from a compromised website of another US-based company. Titled “Track Your Parcel”, the email informs recipients of a “shipment that has been assigned” to the user. A link is provided to track the shipment.
Here’s what the email looks like:
Unsuspecting recipients who click on the link to “track” the shipment are led to a fake DHL-branded login page that asks for the user’s email address and password. The page is, however, not hosted on a domain belonging to DHL – a huge red flag pointing to its illegitimacy. Instead, this page is hosted on another company’s website that also appears to be compromised.
Here’s what it looks like:
This is a phishing page, and once the user’s credentials are entered and submitted, they are harvested for later use, and the user is met with a blank webpage.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.
Well-known companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases.
In this case, cybercriminals are preying on the curiosity of DHL customers who may think a ‘shipment’ is actually on its way. This motivates them to enter their personal details without hesitating. Here are some techniques that cybercriminals behind this scam have employed to trick users:
- use of a subject like “Track Your Parcel”. This intrigues and motivates users to take immediate action if they wish to receive their unexpected package. Cybercriminals behind this scam hope that in their curiosity to retrieve their package, recipients don’t pause to check for the legitimacy of the email.
- incorporating DHL’s logo and branding elements in the email and in the phishing pages. This helps to convince users that those pages actually belong to DHL.
- the inclusion of the recipient’s email address in the email and in the fake DHL-branded login page. This suggests that the email and its included link are directed specifically to the recipient and aren’t generic pages, again boosting the email’s credibility.
DHL recommends not opening the emails, even if they claim to be "from" DHL, and one or more of the following is the case:
- You have received an email without a tracking number and you are not doing business with DHL
- The email has an attachment and you are not aware that you are doing business with DHL
- The email instructs you to open an attachment for the tracking number
The recipient of a questionable email containing a tracking number can verify if a tracking number is valid by inserting the tracking number into the "Tracking Number" box. If there are no tracking results returned, it is not a valid tracking number and the email referencing the tracking number has not been sent by DHL.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
Phishing attacks can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; protect your business and your staff from financial and reputational damage, now.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.