Phishers are targeting millions of DHL customers

As the end-of-the-year holidays are quickly approaching, people are starting to order more things (read: gifts for themselves and loved ones) online so that they can avoid the December rush and delivery problems.

This is also the time of year when cyber crooks usually start to ramp up their phishing and malware delivery campaigns, which often take the form of emails made to look like legitimate ones coming from popular package delivery companies.

It’s no surprise, then, that Comodo’s researchers have spotted a widespread spam campaign targeting the 2.5 million global businesses and consumers who used DHL shipping.

The email, made to look like it has been sent by “DHL Worldwide” (spoofed email, DHL logo and brand colors), urges users to check the tracking number of a parcel they are expecting and to confirm their delivery address.

To do this, they are prompted to follow the link in the email, which ostensibly leads to www.dhl.com/dl/tracking, but they are actually directed to a phishing page made to look like the legitimate DHL login page.



The phishers are obviously after the users’ DHL account password and, with it, all the personal information they can get from the account (they already know the email address that functions as the username).

“After the phishing victim simply verifies their email address and enters the password, a page opens with the text appearing ‘Your email has been updated’ – making the victim feel as if all was an authentic transaction,” the researchers warn.

As always, users are advised to evaluate carefully every unsolicited email they receive before following links and/or downloading attachments.

Company IT sysadmins can block emails arriving from the werrtonholdings.com.au domain or from the following IP address: 216.151.170.2. They can also block employees’ access to conceptsolutionind.com, the domain on which the phishing site is hosted.
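The mismatch between the link text and its real destination, and the three indicators listed above, can be checked automatically at the mail gateway. The Python code below is an added example, not code from the article or from Comodo. The sample message (display-name spoof, sender local part, relay host name, link path) is constructed; only the two domains and the IP address come from the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators from the article; every other name and value is an assumption.
BAD_SENDERS, BAD_IPS = {"werrtonholdings.com.au"}, {"216.151.170.2"}
BAD_HOSTS = {"conceptsolutionind.com"}
URLISH = re.compile(r"(?:https?://)?(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/:?#]|$)")
SAMPLE = (  # constructed message; sender local part and link path are placeholders
    "Received: from mx.example.net (mx.example.net [216.151.170.2])\n"
    "From: DHL Worldwide <noreply@werrtonholdings.com.au>\nContent-Type: text/html\n\n"
    '<a href="http://conceptsolutionind.com/placeholder">www.dhl.com/dl/tracking</a>')

class Links(HTMLParser):  # collects (href, lowercased visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip().lower()))
            self.href = None

def within(host, domains):  # host equals, or is a subdomain of, a listed domain
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the sorted reasons to quarantine a raw message ([] if none)."""
    msg, parser, reasons = message_from_string(raw), Links(), set()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if within(sender, BAD_SENDERS):
        reasons.add("blocked sender domain")
    relays = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", " ".join(msg.get_all("Received", [])))
    if BAD_IPS & set(relays):
        reasons.add("blocked relay IP")
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.found:
        target, m = (urlparse(href).hostname or "").lower(), URLISH.match(text)
        if within(target, BAD_HOSTS):
            reasons.add("link to blocked host")
        if m and target and not (within(target, {m[1]}) or within(m[1], {target})):
            reasons.add("link text/target mismatch")  # text names an unrelated host
    return sorted(reasons)
```

The mismatch check compares host names by suffix only, so a legitimate link whose text and target are sibling subdomains of the same organisation would also be flagged.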
