
Why We Should Stay Guard Against DHL Email Spam

by CISOCONNECT Bureau


Yesterday, I received an official email from DHL EXPRESS regarding a failed delivery consignment. The subject line read “Package set for delivery on Nov 9 2020 to ??????@cisoconnect.com failed to be delivered {CHECK & RE_CONFIRM RECIPIENT DETAILS}”. The contents of the email were:

“Your package failed to deliver to it’s recipient due to error in delivery details provided.
Proceed to make amends in order to successfully deliver to recipient.
The below is the delivery schedule .”

This was enough to convince me for a second that the email was genuine. But on a closer look at the email details, I found that the email had been sent from the address “noreply@web-serveraccount.ml” and that there was no specific Airway Bill (AWB) number. This prompted me to probe further, and that is how I became aware of the DHL Email Spam. Here’s my reminder to all of you to think before you click, even if it adds a few seconds to your day to review what a suspicious email is asking you to do.

“DHL Express Email Virus” campaign emails are essentially notifications of received packages. The messages state that users have received packages and encourage them to read attached documents for detailed information. This is clearly an email scam! The attached document infects the system. Be aware that DHL is a legitimate delivery company and has nothing to do with this spam campaign.

Modus Operandi
The “DHL Email Spam” campaign deceives unsuspecting victims through notifications of received packages. Courier delivery scams often entice you by telling you that an interesting “item” is on its way, such as an important official consignment or a personal gift. At the same time, they pressurise you to act quickly by warning you that delivery will be delayed or even cancelled if you don’t pay a necessary fee to release the article from storage.

To avoid sounding greedy, and to imply that they’re not fraudsters, the amount to pay is often very modest, such as $1, which doesn’t sound like the sort of money a scammer would ask for if they were in it for the cash. That’s because they aren’t in it for the money up front — indeed, they never intend to bill you at all, because it’s your personal data that they’re after instead.

This time, the cyber crooks are following a much cooler strategy that doesn’t say much more than, “Hey, here’s how to track your delivery,” which is the sort of message you might reasonably expect when you order something, or when someone orders something for you:

“Incoming Package Notification!

This it to notify you that you have an incoming shipment registered in your email [REDACTED]. Please follow the URL below to track your shipment.”

More importantly, however, hovering over the link would show you a website name you’ve never heard of (this scam used a hacked webserver belonging to some company in a foreign country, as it happens).

If you click through just to see what this is all about, you’ll see a convincingly simple web page. As unexceptionable and as unscammy as the page itself looks, the address bar is a fortunate giveaway that this is a scam. Ironically, because the page sits on a hacked company website, it will also be served over HTTPS with a valid certificate, so the padlock is no sign that the page is genuine.
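The checks described above (the sender address, the missing AWB number, and where the link really points) can be run mechanically. The following is an added example, not code from the article; the allow-listed domain, the 10-digit AWB pattern and the link host in the sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the brand really uses; verify before relying on this.
BRAND_DOMAINS = {"dhl.com"}
# Assumption: a DHL Express waybill (AWB) is a standalone 10-digit number.
AWB_RE = re.compile(r"\b\d{10}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def in_brand(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def triage(raw):
    """Return the reasons a message claiming to be from DHL looks spoofed."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload()  # the sample is single-part plain text
    findings = []
    claims_brand = "dhl" in (display + subject + body).lower()
    sender_domain = addr.rpartition("@")[2]
    if claims_brand and not in_brand(sender_domain):
        findings.append(f"sender domain {sender_domain!r} is not a DHL domain")
    if claims_brand and not AWB_RE.search(subject + " " + body):
        findings.append("no waybill (AWB) number anywhere in the message")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if not in_brand(host):
            findings.append(f"link points to non-DHL host {host!r}")
    return findings

# Constructed sample modelled on the email quoted in the article; the link
# host is a placeholder (.example is a reserved TLD), not the real one.
SAMPLE = """\
From: DHL EXPRESS <noreply@web-serveraccount.ml>
Subject: Package set for delivery on Nov 9 2020 failed to be delivered

Your package failed to deliver to it's recipient due to error in delivery details provided.
https://hacked-site.example/dhl/track
"""

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("-", reason)
```

An empty result does not prove a message is genuine; it only means none of these three giveaways was present.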

About DHL Email Spam
Similar to “Apple Recent Purchase Email Virus”, “Payroll Timetable Email Virus”, “Companies House Email Virus”, and many others, the “DHL Express Email Virus” is a spam email campaign used to proliferate a high-risk trojan called LokiBot. Cyber criminals send thousands of deceptive emails encouraging users to open attached Microsoft Office documents. This leads to infiltration of the LokiBot trojan.

Cyber criminals often hide behind names of popular companies and governmental agencies. They do this to increase the number of infections, since users are much more likely to open files when they are received from familiar names. LokiBot is a high-risk trojan designed to record personal data, such as logins/passwords, web browsing data, and so on.

These people aim to generate as much revenue as possible and there is a high probability that hacked accounts will be misused. The presence of an information-tracking virus such as LokiBot can lead to significant financial loss and even identity theft. If you have already opened “DHL Express Email Virus” campaign attachments, there is a high probability that your computer is infected.

Mitigation
To prevent this situation, be very cautious when checking your official and personal emails. Think twice before opening email attachments. Files that seem irrelevant and those received from suspicious/unfamiliar email addresses should never be opened. Furthermore, have a reputable anti-virus/anti-spyware suite installed and running, since these tools are very likely to detect and terminate malicious files before they harm the system. Scan the computer with a legitimate anti-virus/anti-spyware suite and eliminate all threats.

These precautions prevent malicious attachments from infecting the system. The main reasons for computer infections are poor knowledge and careless behavior. The key to safety is caution. If you have already opened a “DHL Express Email Virus” attachment, we recommend running a scan with anti-malware software to automatically eliminate infiltrated malware.
