FedEx and DHL Express Hit with Phishing Attacks

 

Researchers reported on Tuesday that they discovered two email phishing assaults targeting at least 10,000 mailboxes at FedEx and DHL Express that hope to extract client's work email account. In a blog published by Armorblox, the researchers said one assault impersonates a FedEx online document share, and the other claims to share shipping details from DHL. The phishing pages were facilitated on free services like Quip and Google Firebase to deceive security technologies and clients into thinking the links were legitimate.

“The email titles, sender names, and content did enough to mask their true intention and make victims think the emails were really from FedEx and DHL Express respectively,” said researchers with Armorblox on Tuesday. “Emails informing us of FedEx scanned documents or missed DHL deliveries are not out of the ordinary; most users will tend to take quick action on these emails instead of studying them in detail for any inconsistencies.” 

The phishing email spoofing American multinational delivery services company FedEx was entitled, “You have a new FedEx sent to you,” with a date that the email was sent. This email contained some data about the document to make it seem legitimate – like its ID, the number of pages, and kind of document – alongside a link to see the supposed document. On the off chance that the recipients clicked on the email, they would be taken to a file facilitated on Quip. Quip, which comes in a free form, is a tool for Salesforce that offers documents, spreadsheets, slides, and chat services. 

A separate campaign impersonated German international courier DHL Express, with emails telling recipients that “Your parcel has arrived,” with their email addresses towards the end of the title. The email told recipients that a package couldn't be conveyed to them because of incorrect delivery details – and that the parcel is rather ready for pickup at the post office. The email provoked recipients to look at appended “shipping documents” if they want to receive their delivery. The attached document was an HTML file (named “SHIPPING DOC”) that, when opened, previewed a spreadsheet that looked like shipping documents.