Another wave of scams is back, impersonating courier agencies like FedEx and DHL

Impersonating logistics and courier companies is the most popular scam among cybercriminals, who also use classic SMS phishing (smishing) to deceive users.

Recently, ESET warned about two fake emails that supposedly come from FedEx and DHL. At first glance they look legitimate to many users: the messages state that, for the shipment process to continue, the attached file needs to be opened, and opening it loads a website built by the cybercriminals.

The page imitates the DHL and FedEx login so that the victim enters their access password. Preparing these scams is not complicated.

Scam messages.

ESET states that “After reviewing the files attached to the two emails, we see that with a few lines of HTML code and online resources one can create websites of this style that are more or less convincing. We decided to follow the link to see whether there is a coincidence between the two emails in the domain where the criminals keep the files that store the passwords they obtain.”

Knowing the URLs, the directory hosting them can be accessed: both sit on the same compromised domain, but in different folders. This clue is enough to confirm that the people responsible for both phishing campaigns are the same.

Moreover, accessing the parent directory reveals other directories that are probably related to other recent campaigns.

Users receive the phishing scam via email.

Fake DHL emails spread Agent Tesla malware

In another case, the cybercriminals use a domain that does not belong to DHL and ask the recipient to download and run an attached file with a CAB extension (a format that is uncommon for most users who receive emails).

Opening this file starts an execution chain that launches a PowerShell command to install the Agent Tesla payload. This malware steals passwords stored in everyday applications, web browsers and VPN clients, and also collects information from the infected device.

The data is then sent to the criminals by email, using settings embedded in the malware's code and usually abusing legitimate servers that have been compromised in the past.

Supposed DHL message.
