MailGuard has intercepted a phishing email scam impersonating postal services company, Hongkong Post.
Titled “your package is ready”, the email uses a display name of “Delivery” and contains a sign off from the postal services company. However, the domain used in the email address provided in the “From” field doesn’t belong to Hongkong Post. It actually originates from a third-party account belonging to email delivery service, SendGrid. This account may have been compromised, or set up by the attackers for the express purpose of tricking users.
The email body contains the Hongkong Post logo, and it asks users to confirm the payment of “10 HKD” in order to complete the delivery of a package. A link is provided for them to do so, with a note informing users to complete the payment within the next “02 days”.
Here’s what the email looks like:
Unsuspecting recipients who click on the link provided are led to a redirect page, informing them that their request is being redirected to the “processor center page”, as per the below screenshot:
Users are then led to a payment page that asks for their credit card details. While this page employs Hongkong Post’s logo and branding, the domain used in the URL of this page, however, does not belong to the postal services company - a red flag pointing to its illegitimacy. It's actually a phishing page hosted on a compromised website in Brazil and is designed to harvest the users’ credit card details. Here’s what the page looks like:
Once users enter & submit their credit card details, the attackers harvest them for later use, and users are sent to another fake Hongkong Post-branded page asking them to enter a verification code sent via text message:
We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.
Parcel delivery themed phishing emails are a favourite among cybercriminals, especially around the end of the year. The shopping season is in full swing, with mega shopping events like Black Friday & Cyber Monday resulting in many people shopping online to take advantage of lucrative deals & sales. In addition, with Christmas and New Year approaching, this is the busiest part of the year for shopping & parcel delivery. Scammers know that receiving notifications related to parcel delivery isn't likely to be unusual in this period, and hence use lures like these to trick users.
In addition, well-known postal and shipping companies such as DHL, Australia Post and Hongkong Post are popular targets for scammers to impersonate because they are trusted names with large customer bases and are frequently used during this period. MailGuard has intercepted several similar parcel delivery themed phishing emails recently, including this one impersonating DHL.
Here are some techniques that cybercriminals behind this particular email scam have employed to trick users:
- The use of a display name like “delivery” and Hongkong Post’s branding & logo suggests the email is genuinely sent from the postal services company, boosting its credibility,
- The inclusion of a subject like “your package is ready” and a message informing them to confirm payment within 2 days. This intrigues and motivates users to take immediate action. Cybercriminals behind this scam hope in their urgency to complete the delivery of their package, recipients don’t pause to check for the legitimacy of the email and,
- The presence of details like a tracking code, and the use of security features like a verification code to confirm payment. These details and features are commonly present in notifications from well-established companies like Hongkong Post, further convincing users that those pages actually belong to the company.
Despite these techniques, several red flags are present in the email that should alert users of its illegitimacy. These include the fact that the recipient isn't addressed directly in the email, and that it contains awkward spacing & formatting, along with grammatical errors (e.g. “verification must be done on the next 02 days”).
We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever (especially since the COVID-19 pandemic), it’s sometimes hard to keep track of what parcels we’re sending & expecting. Cybercriminals know this, and often prey on people’s busy lives and curiosity trick them.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.