The Covid-19 pandemic has forced people to shift to online platforms for every need of theirs, ranging from grocery shopping to any other household item. Cybercriminals have taken advantage of the vulnerability of online shoppers and are seen sending phishing emails to them.
Microsoft users recently received phishing emails falsely claiming to be from FedEx and DHL Express mail couriers. However, the malicious links in the message steal the victim’s credential.
FedEx Corporation is an American multinational delivery services company headquartered in Memphis, Tennessee. The company is known for its overnight shipping service and pioneering a system that could track packages and provide real-time updates on package location, a feature that has now been implemented by most other carrier services.
Recent attacks target at least 10,000 users of Microsoft, according to the tech giant. Scams used phishing pages hosted on legitimate domains such as Quip and Google Firebase, allowing emails to slip through Microsoft’s security filters.
According to Armorblox researchers, emails appear to be fraudulent to the target as email titles, sender names, and content are not convincing enough. However, emails informing recipients of scanned documents or missing deliveries will usually cause users to take action without studying the text for inconsistencies.
The phishing e-mail spoofing of the U.S. multinational delivery services company FedEx was entitled, “You have a new FedEx sent to you,” with the date the e-mail was sent.
This email contained some information about the document to make it appear legitimate – such as its ID, number of pages and type of document – along with a link to view the document. If the recipients clicked on the email, they would be taken to a file hosted by Quip. Quip, which comes in a free version, is a Salesforce tool that provides documents, spreadsheets, slides, and chat services.
A separate campaign embodied the German international courier DHL Express, with e-mails telling recipients that “Your parcel has arrived,” with their e-mail addresses at the end of the title.
DHL International GmbH (DHL) is a German international courier, package delivery and express mail service, which is a division of the German logistics firm Deutsche Post. The company delivers over 1.5 billion parcels per year.
The email told the recipients that the parcel could not be delivered to them due to incorrect delivery details – and that the parcel was ready for pick-up at the post office instead.
The email asked recipients to check the attached “shipping documents” if they wanted to receive their delivery.
“The email field in the login box was pre-filled with the victim’s work email,” the researchers said. “Attackers are banking on victims to think about before they act and enter their work email password in this box without paying too much attention to Adobe branding.”
Similarly, when the victims entered their details on this page, the FedEx phishing attack returned an error message.