During the holiday season, one in four phishing emails spoofed DHL. Attackers attached malicious files linked to credential harvesting pages and included a dangerous Trojan virus.
Typically, Microsoft is at the top of the brands that attackers most frequently imitate. In the fourth quarter of 2021, it was only second. DHL accounted for 23% of all phishing emails, compared to 9% during the third quarter of 2021.
Starting in January 2022, Avanan, a Check Point company, observed a new wave of hackers spoofing DHL and attaching malicious files that link to credential harvesting pages and include a dangerous Trojan virus.
“The attachment itself contains no malicious payload; instead, it redirects the web browser to a compromised web page. This strategy often allows phishers to go undetected due to the newness of the compromised webpage and the reactive nature of traditional anti-phishing defenses,” the company said in a blog post.
In this attack, attackers are spoofing a delivery message from DHL. A victim receives a purported shipping document for an already-arrived shipment. Instead of going to that shipping document, a malicious file goes straight to a credential harvesting page. It also installs a Trojan virus, a malicious file that can take over the user’s computer.