Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails which attempt to dupe victims into downloading credential-stealing or other malicious payloads.

The emails used to deliver Trickbot include official USPS branding as well as details such as third-party social-media logos from Facebook, Instagram, LinkedIn and Twitter. The familiar logos make the e-mails look legitimate.

Examining the e-mails more closely reveals that the sender address is unrelated to USPS or DHL, which is a red flag for anyone who checks the sender.

By spoofing a popular brand, the hackers are hoping to target vulnerable users who regularly check for shipping notifications.

The e-mails contain an attachment. The attachment itself does not include a document file but rather directs the recipient to a credential-harvesting web page. Clicking on the file also installs an unspecified trojan, which can steal other sensitive data and ultimately take over a victim’s computer.

Make sure to examine your e-mails prior to opening them. The “red flags” to be aware of are:

(1) examine the sender of the e-mail. The sender field has two parts: the display name and the actual e-mail address. A display name can be set to anything. The important part is the actual e-mail address.

Examining the sender clearly shows this e-mail is not from FedEx even though the “display name” contains the words FedEx Parcel.

(2) next, examine the content. Prior to clicking on any links, hover over them and read the URL; and

Hovering over the HERE link above clearly confirms this is not from FedEx.

(3) know that most legitimate shipping tracking e-mails will never contain an attachment and will always have the tracking number within the body of the e-mail.
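The three checks above can also be run automatically on a reported message during triage. The following is an added example, not part of the original article; the brand-domain allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist for illustration; maintain your own list of sending domains.
BRAND_DOMAINS = {"fedex": {"fedex.com"}, "usps": {"usps.com"}, "dhl": {"dhl.com"}}

def _in_domains(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw):
    """Return the red flags (1)-(3) found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    brands = [b for b in BRAND_DOMAINS if b in display.lower()]
    flags = []
    # (1) Display name claims a courier, but the actual address is elsewhere.
    for b in brands:
        if not _in_domains(addr.rpartition("@")[2], BRAND_DOMAINS[b]):
            flags.append(f"sender: display name claims {b} but address is {addr}")
    # (2) Links in the body that do not lead to the claimed brand (the "hover" check).
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = urlparse(url).hostname
        if brands and not any(_in_domains(host, BRAND_DOMAINS[b]) for b in brands):
            flags.append(f"link: points to {host}")
    # (3) Shipping notices should not carry attachments.
    for part in msg.iter_attachments():
        flags.append(f"attachment: {part.get_filename()}")
    return flags

def constructed_phish():
    """Constructed sample message; all addresses and hosts are placeholders."""
    m = EmailMessage()
    m["From"] = '"FedEx Parcel" <notice@mail.example.net>'
    m["Subject"] = "Your parcel is waiting"
    m.set_content('<p>Track it <a href="http://tracking.example.org/login">HERE</a></p>',
                  subtype="html")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="label.html")
    return m.as_string()

if __name__ == "__main__":
    print("\n".join(red_flags(constructed_phish())))
```

Substring matching on the display name is deliberately simple; lookalike spellings of a brand would need additional normalisation.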

Most importantly, it is critical to have enhanced spam/malware protection for your e-mail, since these services scan your e-mail before it arrives in your inbox. The next protection is to ensure your systems are properly patched with next-generation malware protection. Together, these different levels of protection enhance your ability to mitigate these threats.

If you need any help with implementing a multi-level cybersecurity plan, we are here to help. Contact us.