Bogus FedEx and DHL Phishbait

Researchers at Armorblox describe an ongoing phishing campaign that’s using phony FedEx and DHL shipping notifications as phishing lures.

“A few days ago, the Armorblox threat research team observed an email impersonating FedEx attempt to hit one of our customer environments,” the researchers write. “The email was titled ‘You have a new FedEx sent to you’ followed by the date the email was sent. The email contained some information about the document to make it seem legitimate, along with links to view the supposed document.”

The emails contained links to the Quip document hosting service, where the attackers had set up a landing page with a link to a spoofed Office 365 login page. The DHL phishing scam used a similar technique.

“The email sender name was ‘Dhl Express’ and title was ‘Your parcel has arrived’, including the victim’s email address at the end of the title,” Armorblox says. “The email informed victims that a parcel arrived for them at the post office, and that the parcel couldn’t be delivered due to incorrect delivery details. The email includes attached shipping documents that victims are guided to check if they want to receive their delivery.”

These emails contained an HTML attachment that opened what appeared to be a blurred-out spreadsheet behind an Adobe login box. The login overlay had the user’s email address pre-filled in the first box, so the researchers believe the attackers were trying to trick the user into entering their email password rather than their Adobe account credentials.

The researchers conclude that people should use a combination of training and technical defenses such as two-factor authentication to defend themselves against these attacks.

“Since we get so many emails from service providers, our brains have been trained to quickly execute on their requested actions,” they write. “It’s much easier said than done, but engage with these emails in a rational and methodical manner whenever possible. Subject the email to an eye test that includes inspecting the sender name, sender email address, language within the email, and any logical inconsistencies within the email (e.g. Why is the email sender name ‘Dhl Express’ instead of ‘DHL Express’, Why does this shipping details document have an HTML extension? etc.).”
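The "eye test" the researchers describe can be partly automated at the mail gateway. The sketch below is an added example, not Armorblox's or KnowBe4's code: it checks one message for the red flags named in this article (miscased brand in the sender name, brand name sent from an unrelated domain, recipient address in the subject, HTML attachment). The brand allow-list, the flag names, the `eye_test` function and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative allow-list of domains each brand sends from.
BRAND_DOMAINS = {"dhl": ("dhl.com",), "fedex": ("fedex.com",)}
# Assumption: official spellings used for the display-name casing check.
BRAND_SPELLING = {"dhl": "DHL", "fedex": "FedEx"}

# Constructed sample modelled on the DHL lure described in the article.
SAMPLE = """\
From: Dhl Express <notify@mailer.example>
To: pat@corp.example
Subject: Your parcel has arrived pat@corp.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your parcel could not be delivered due to incorrect delivery details.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="shipping_documents.html"

<html><body>constructed placeholder</body></html>
--b1--
"""

def eye_test(raw, recipient):
    """Return the list of red flags found in one RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        m = re.search(brand, name, re.IGNORECASE)
        if m and m.group(0) != BRAND_SPELLING[brand]:
            flags.append("brand-miscased-in-sender-name")
        if m and not any(domain == d or domain.endswith("." + d) for d in domains):
            flags.append("brand-name-from-unrelated-domain")
    if recipient.lower() in subject.lower():
        flags.append("recipient-address-in-subject")
    if any((p.get_filename() or "").lower().endswith((".html", ".htm")) for p in msg.walk()):
        flags.append("html-attachment")
    return flags

if __name__ == "__main__":
    print(eye_test(SAMPLE, "pat@corp.example"))
```

The From header is trivially forged, so a check like this belongs after SPF/DKIM/DMARC evaluation and should raise a score or a banner rather than act as the sole verdict.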

What might users be trained to look for? Poor idiomatic control, for one thing. The logos and layouts are very nicely done, but the words are a bit clumsier: DHL and FedEx have better writers. New-school security awareness training can create a culture of security within your organization so your employees can recognize phishing and other types of social engineering attacks.

Armorblox has the story.

** Optrics Inc. is an Authorized KnowBe4 partner

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here’s how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry


Find out how affordable new-school security awareness training is for your organization. Get a quote now.

The original article can be found here:
