In a return to a classic scam, small and medium-sized businesses are being targeted with a new wave of spam emails disguised as DHL shipment notifications that actually deliver password-stealing malware.
Another day, another spam campaign. This time, researchers have spotted a large new wave of spam emails targeting mostly small and medium-sized businesses with messages masquerading as notifications from the shipping company DHL.
Shipment notification scams are nothing new, but their regular appearance hints at an unfortunate truth: they work. For many users, emails from companies like DHL, FedEx, and UPS are nothing out of the ordinary, and when attackers dress the emails up with the right logos and messaging (as is the case in this campaign), these attacks can be frustratingly effective.
Let's take a closer look at an example email from this latest campaign so you can show your users what to look out for:
Source: My Online Security
As you can see, the email appears to be sent from what could conceivably be a valid DHL email address: DHL Logistics <no-reply@dhl.com>.
The subject line is "DHL Shipment Notification," followed by a random number posing as an order number.
The email directs the recipient to open an attachment labeled "SHIPPING DOCUMENTS," which is actually a .rar file. The attackers behind the campaign likely chose the .rar format since it allows them to hide and compress malicious files inside it, reducing the odds of detection.
Once opened, the .rar attachment extracts two executables that are disguised with video file icons. When either is executed, the malicious file contacts ‘hxxp://kwe-za.com/obinna/obaino/php/index.php?action=add&username=&password=&app=&pcname=PC&sitename=’ and begins stealing passwords, with the aim of scraping login credentials from IE browser history, social media accounts including Facebook, and email clients including Gmail and Yahoo.
The stolen credentials can then either be sold or used to gain a stronger foothold on the infected system and its network.
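A mail-gateway triage check for the three traits described above (DHL-branded sender, shipment subject followed by a number, RAR attachment), added here as an illustration and not taken from the original article or any vendor's product. The function names, the recipient address and the sample messages are constructed for the example; the attachment check also inspects the file signature, which goes beyond the article by catching an archive renamed to another extension.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

RAR_MAGIC = b"Rar!\x1a\x07"  # prefix shared by RAR 4.x and 5.x archives
BRAND = re.compile(r"\bDHL\b", re.I)
SUBJECT = re.compile(r"DHL Shipment Notification\D*\d+", re.I)

def triage(raw):
    """Return the traits of the lure described above that this message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if BRAND.search(str(msg.get("From", ""))):
        reasons.append("sender presents as DHL")
    if SUBJECT.search(str(msg.get("Subject", ""))):
        reasons.append("shipment subject followed by a number")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Inspect content as well as the name so a renamed archive is caught.
        if name.lower().endswith(".rar") or data.startswith(RAR_MAGIC):
            reasons.append("RAR attachment: " + name)
    return reasons

def should_quarantine(raw):
    # Require the archive plus at least one brand trait; each alone is noisy.
    reasons = triage(raw)
    has_rar = any(r.startswith("RAR") for r in reasons)
    has_brand = any(not r.startswith("RAR") for r in reasons)
    return has_rar and has_brand

def build_sample(subject, filename, payload):
    """Constructed test message; the recipient address is hypothetical."""
    m = EmailMessage()
    m["From"] = "DHL Logistics <no-reply@dhl.com>"
    m["To"] = "accounts@example.test"
    m["Subject"] = subject
    m.set_content("Please see the attached shipping documents.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    subj = "DHL Shipment Notification : 1234567890"  # constructed number
    for fname, body in [("SHIPPING DOCUMENTS.rar", RAR_MAGIC + b"constructed"),
                        ("SHIPPING DOCUMENTS.pdf", RAR_MAGIC + b"constructed"),
                        ("invoice.pdf", b"%PDF-1.4 constructed")]:
        raw = build_sample(subj, fname, body)
        print(fname, should_quarantine(raw), triage(raw))
```

A DHL-branded message with an ordinary PDF is not quarantined, so genuine shipping notices that carry no archive still get through.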
As long as campaigns like this are making the rounds, training users to recognize and avoid falling for spam emails and phishing attempts is an ongoing priority.
Even the best security awareness initiatives take time, however, and in the meantime, while employees are getting up to speed, all it takes is one click for disaster to hit. That's why it's equally important to protect users and their devices with stronger, smarter endpoint protection designed to block even the newest malware that antivirus solutions routinely miss.
Find out how Barkly can protect your organization and why you need endpoint security that goes beyond AV.