Scam of the Week: Shipping Scam Spoofs “Dhl Express”

David Fortner Avatar

Many of us are used to receiving messages from shipping companies, so cybercriminals use similar emails as phish bait. Let’s take a look at a recent shipping-themed phishing attack and see if you can spot the red flags: 

Sent from “Dhl Express”, the email claims that you have something waiting for you at your local post office. The message states “To receive your parcel, Please see and check attached shipping documents.” and it includes a .html file as an attachment. If you open the attachment, a web page displays that looks like a blurred-out Excel spreadsheet. Covering this blurred image is a fake Adobe PDF login window with your email address already populated in the username field. If you enter your password and click “View PDF Document” your email address and password will be sent straight to the bad guys.

How many red flags did you see? Remember the following tips:

Look for poor grammar and capitalization. For example, the sender name “Dhl” should be “DHL”. Also, in the body of the email, the word “Please” is in the middle of a sentence, so this should be lowercase. 
Check the file type. The email attachment is a .html file, but most legitimate documents are shared as PDFs, spreadsheets, or word documents. HTML files are designed to be opened in a web browser, much like a link to a website. 
Watch out for anything out of the ordinary. An Adobe PDF login window blocking what appears to be a Microsoft Excel file is quite unusual.
Stop, Look, and Think. Don’t be fooled.
Executive IT Help Security Team
Office: 832-295-1411

Tagged in :