Fraud Management & Cybercrime , Fraud Risk Management , Social Engineering

Phishing Campaign Mimics FedEx, DHL Express

Fake Messages About Package Delivery Designed to Steal Credentials
Phishing Campaign Mimics FedEx, DHL Express
FedEx was used as a lure in phishing attacks. (Source: AmorBlox)

A phishing campaign tried to steal credentials by sending emails that purported to come from DHL Express and FedEx, reports security firm Armorblox.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The phishing emails claimed the recipients had a parcel to be delivered. When the targets clicked on a malicious link within the emails, they were redirected to fake Microsoft and Adobe login pages, through which the attackers attempted to harvest email passwords.

Armorblox says the campaign, which used legitimate hosting services Quip and Google Firebase to bypass security, is estimated to have targeted 10,000 potential victims.

FedEx Campaign

The phishing page for the FedEx campaign, hosted on Quip, resembled Microsoft’s login portal to trick the victims to enter their credentials.

"Entering fake details on this page reloads the login portal with an error message asking the victim to enter correct details," the report says. "This might point to some backend validation mechanism in place that checks the veracity of entered details. Alternately, attackers might be looking to harvest as many email addresses and passwords as possible and the error message will keep appearing regardless of the details entered."

DHL Emails

Armorblox notes the phishing emails portrayed as coming from to come from DHL contained a malicious HTML file titled 'SHIPPING DOC.' If a victim clicked the HTML file, they were redirected to a login page that impersonated the Adobe brand.

Because the login page was pre-filled with the victim's work email, the attackers were likely attempting to trick the victims to enter their email passwords, the researchers say.

"Just like with the FedEx phishing attack, entering fake details on this page returns an error message asking the victim to enter correct details," the report states.

Social Engineering Tactics

Hackers waging phishing campaign increasingly are relying on social engineering tricks to entice victims to clicking malicious links, security researchers say.

"There are few brands like FedEx, DHL, and UPS that can quickly capture the attention of targets," says Chris Hazelton, director of security solutions at Lookout. "The goal here is to get people to click what they think is a valid link and then present them with a fake login page that they will recognize. If the fake page is convincing enough, then many users will login without thinking about it. These are the risks of cloud services - while they are accessible from any browser, many users inherently trust login screens that they recognize."

Organizations should train their employees to identify common patterns of phishing attacks, says Erich Kron, security awareness advocate at KnowBe4.

"They should look for fake reply-to addresses, hover over links that go to websites to ensure they go to a legitimate site and to look at the URL bar in the browser when they are taken to a login screen in order to ensure they are at the right place," Kron says. "In addition, the use of multifactor authentication that requires an additional code to be able to log in will help keep these accounts safer."

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.