In a new wave of phishing campaigns, emails posing as FedEx and DHL has targeted over 10,000 victims. The first campaign was posing as FedEx would tell the victim "You have a new Fedex sent to you". The email would elaborate about the document in order to make it seem more legitimate. Once the victim would click on the attached link for the document it would take the victim to a fake Microsoft login page where the attackers would harvest the victim's Microsoft credentials. The attackers will use sites hosted on popular hosting services like Google Firebase and Quip in order to make the sites in the email to look more legitimate.
The second campaign that was posing as DHL took a similar approach as the FedEx phishing attempt. The DHL phishing email would claim that a package arrived at a local post
office and could not be delivered due to error in shipping information. There would be an attached document that looked like a Microsoft Office document but in reality would be an HTML file. When opened, it would show a preview of a spreadsheet but overlaid was login box that looked like it was from Adobe. The information entered in the login field would be sent to the attackers. Its believed that the phishing campaign was meant to collect company emails and passwords rather than Adobe credentials.
(Screenshot of what the DHL phishing attempt)
Social engineering attempts like these are growing more and more common, especially as everyone is working from home and emails are used often. At Firestorm Cyber we use Sophos Technology to block email phishing attempts like these so that you can have the peace of mind that all the emails in your inbox are legitimate. If you want to take the next steps to protect your company and employees, contact us.