MailGuard is now blocking a new phishing scam that impersonates DHL in an email that has the subject “DHL Shipping Documents”. Although the sender name shows “DHL Express”, the email is actually coming from maria(at)lanoventa(dot)com, which is likely a compromised account.
At the top of the email, the recipient is shown an attachment preview and given the option to “view attachments” or “download attachments”. Below this, the scammer has recreated the DHL logo and warns the recipient that their packages were unable to be delivered due to an incorrect address. They’ve also included a number of fake details, such as the scheduled delivery date, tracking number, and service option, in an attempt to feign authenticity.
Here's what the email looks like:
If the recipient clicks either link to access the attachment, they’re directed to a phishing site that has been designed to look like a Microsoft SharePoint page. In a pop-up, the recipient is asked to enter their email address and password in order to access the protected documents, and behind the pop-up, you can see a list of PDFs which the user would expect to access.
If the victim enters their password, they are shown the message “Network error, kindly try again”. However, at this point, their password will have been harvested by the attacker and stored for later use.
Scammers are always on the lookout to steal Microsoft credentials as they serve as the gateway to a business’s sensitive data and systems. Recently, MailGuard has also intercepted and begun blocking emails which appear like quarantined email alerts, password expiry notifications, Microsoft Teams invites, and DocuSign alerts, all with the intention of stealing business email credentials. Make sure to check our blog regularly so you know what to look out for and can avoid falling victim to these vicious scams.
MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.
Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
