Shipment Delivery Scams - Popular Way to Spread Malware

Shipment delivery scams are fast becoming a popular way to spread malware. Bad actors are spoofing courier services like DHL and the US Postal Service and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

According to researchers at Check Point, recent phishing campaigns include malicious links or attachments aimed at infecting devices with Trickbot and other dangerous malware. The bad actors exploit the trust people place in shipping services and employees’ comfort with receiving emailed documents related to shipments, then try to extract further action and compromise corporate systems.

This type of shipment delivery scam has increased to the point that DHL toppled Microsoft on the Check Point Software list of brands most imitated by threat actors in the fourth quarter of 2021. Nearly 23% of all the courier-related phishing email scams fell within that time frame, whereas the company’s name had been attached to only 9 percent of scams in the third quarter.

The Cofense Phishing Defense Center earlier discovered a Trickbot phishing campaign that used emails claiming to be a missed-delivery notice from the U.S. Post Office but instead included a malicious link.

Earlier this month, researchers from Avanan found a new wave of hackers spoofing DHL in phishing emails that aim to spread “a dangerous Trojan virus”. The emails notify victims about a shipment that has arrived and ask them to click on an attachment to find out more details.

Avanan in a report said, “With the supply-chain delays, receiving a notification that a delivery attempt was missed can lead to frustration and entice the recipient to open the invoice link to further investigate.” 

The researchers said the emails used to deliver Trickbot include official USPS branding as well as details such as third-party social-media logos from Facebook, Instagram, LinkedIn, and Twitter, “to make the email look even more legitimate.” 
