Receiving an email claiming your package has been undelivered may be alarming, but as this phishing email reminds us, it never hurts to think twice before clicking on any links.
MailGuard intercepted an email impersonating global logistics service, DHL. Using a display name of “DHL Express,” the email is titled “DHL On Demand Delivery”. It informs users of an “undelivered package from DHL Office” and asks them to “go online” to submit their correct address. A link is provided to do so. While the address provided in the “From:” field does appear to be a valid DHL address, it was discovered the email actually originates from a compromised mail server used overseas. The email includes DHL’s logo and branding, complete with a footer containing a “Confidentiality Notice”. It signs off with a message saying it is an “automatically transmitted message” from DHL Management.
Here’s what the email looks like:
Unsuspecting recipients who click on the link are led to an automatic redirect, before being presented with a fake DHL-branded login page, with the users’ email address already filled out.
This is actually a phishing page that is hosted on a compromised website. Once users enter their credentials and “log in”, the attacker harvests them for later use, and the user is met with an error saying that the login failed.
We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.
Well-known companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases. With the recent spike in online shopping, triggered by the closure of many physical stores due to the COVID-19 pandemic, it is not uncommon to receive notifications related to package deliveries like these.
In this case, cybercriminals are preying on the curiosity of DHL customers who may actually think a package has not been delivered because of a problem with the delivery address. This motivates them to enter their personal details without hesitating. Here are some techniques that cybercriminals behind this scam have employed to trick users:
- The use of a subject like “DHL On Demand Delivery”, along with a legitimate-looking display name. This suggests the email is actually an auto-generated notification belonging to DHL, boosting its credibility,
- Claiming that a new package is “undelivered”. This intrigues and motivates users to take immediate action if they wish to receive their unexpected package. The cybercriminals behind this scam hope that, in their urgency to retrieve the package, recipients won’t pause to check the legitimacy of the email,
- Incorporating DHL’s logo and branding elements in the email and in the phishing pages. This helps to convince users that those pages actually belong to DHL, and
- Including the recipient’s email address in the fake DHL-branded login page. This suggests that the email and its included link are directed specifically to the recipient and aren’t generic pages, again boosting the email’s credibility.
Despite these techniques, recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly and that the phishing page is not hosted on a domain belonging to DHL.
The logistics giant issues the following advice for those who have received suspicious emails purporting to be from DHL:
“If you suspect having received fraudulent emails, SMS or found a website or social media account that tries to pass off as DHL, we encourage you to let us know at your earliest convenience, so that we can quickly take actions to stop the fraud.
Please report all suspicious activity to our dedicated Anti-Abuse Mailbox at email@example.com”.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
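Several of the red flags described above (a link whose host is not a DHL domain, the recipient's address carried in the link, no greeting by name) can be checked mechanically. The following Python is an added example, not MailGuard's detection code; the sample message, the `BRAND_DOMAINS` allow-list and the `recipient_name` parameter are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

BRAND = "dhl"
BRAND_DOMAINS = {"dhl.com"}  # assumption: your own allow-list of genuine sender domains
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample, not the real email; hosts use the reserved .example TLD.
SAMPLE = """\
From: DHL Express <noreply@dhl.com>
To: jane.doe@victim.example
Subject: DHL On Demand Delivery

You have an undelivered package from DHL Office.
Go online to submit your correct address:
http://compromised-site.example/redirect?e=jane.doe%40victim.example
"""

def under_brand(host):
    """True only for an allowed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def red_flags(raw, recipient_name):
    """Return (flag, host) tuples; recipient_name is a hypothetical directory lookup."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    _, rcpt = parseaddr(msg.get("To", ""))
    body = msg.get_payload()
    # The From address is forgeable, so it is only used to learn which brand is claimed.
    claims_brand = BRAND in (display + " " + msg.get("Subject", "")).lower()
    flags = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if claims_brand and not under_brand(host):
            flags.append(("off_brand_link", host))
        # Percent-decoding catches e.g. %40 used to hide the address in the link.
        if rcpt and rcpt.lower() in unquote(url).lower():
            flags.append(("recipient_in_url", host))
    # Strip links first so a name inside a tracking URL does not count as a greeting.
    text = URL_RE.sub("", body).lower()
    if recipient_name.lower() not in text:
        flags.append(("no_personal_greeting", None))
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE, "Jane"):
        print(flag)
```

Note that the sample's “From:” address is a valid-looking DHL address, as in the real email, so the checks rely on the link and body rather than on the sender field.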
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.