Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails which attempt to dupe victims into downloading credential-stealing or other malicious payloads.
The emails used to deliver Trickbot include official USPS branding as well as details such as third-party social-media logos from Facebook, Instagram, LinkedIn and Twitter. The familiar logos make the e-mails look legitimate.
Examining the e-mails more closely reveals that the sender address is unrelated to USPS or DHL, which is a red flag for anyone who checks the sender.
By spoofing a popular brand, the hackers are hoping to target vulnerable users who regularly check for shipping notifications.
The e-mails contain an attachment. The attachment itself does not include a document file but rather directs the recipient to a credential-harvesting web page. Clicking on the file also installs an unspecified trojan which can also steal other sensitive data and ultimately take over a victim’s computer.
Make sure to examine your e-mails prior to opening them. The “red flags” to be aware of are:
(1) examine the sender of the e-mail. The sender field has two parts: the display name and the actual e-mail address. A display name can be set to anything, so the part that matters is the actual e-mail address;
(2) next, examine the content. Prior to clicking on any links, hover over them and read the URL; and
(3) know that most legitimate shipping tracking e-mails will never contain an attachment and will always have the tracking number within the body of the e-mail.
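The three checks above, applied to a raw message with Python's standard `email` module. This is an added example, not part of the original article; the brand-to-domain allow-list, the tracking-number pattern and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: hypothetical allow-list of domains each brand really sends from.
BRAND_DOMAINS = {"usps": {"usps.com"}, "dhl": {"dhl.com"}}
TRACKING_RE = re.compile(r"\b\d{10,22}\b")  # assumption: simplified tracking-number shape
LINK_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.S)

# Constructed sample message (not taken from a real campaign).
SAMPLE = """\
From: "USPS Delivery" <notice@parcel-update.example>
Subject: Your package could not be delivered
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Open the attachment or <a href="http://track.parcel-update.example/x">https://www.usps.com/track</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="shipping_label.dat"

placeholder
--b1--
"""

def host(url):
    return re.sub(r"^https?://", "", url.strip()).split("/")[0].lower()

def red_flags(raw):
    msg = message_from_string(raw)
    flags, body = [], ""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # (1) display name claims a brand, but the actual address is on another domain
    for brand, domains in BRAND_DOMAINS.items():
        ok = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not ok:
            flags.append("sender_mismatch")
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            flags.append("attachment")  # (3) tracking mail should not carry one
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    # (2) the visible link text names one host while the href points to another
    for href, text in LINK_RE.findall(body):
        if text.strip().startswith("http") and host(href) != host(text):
            flags.append("link_mismatch")
    if not TRACKING_RE.search(re.sub(r"<[^>]+>", " ", body)):
        flags.append("no_tracking_number")  # (3) number should be in the body
    return flags
```

Calling `red_flags(SAMPLE)` returns all four flags; a plain-text notice from an allow-listed domain with the tracking number in the body returns an empty list.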
Most importantly, it is critical to have enhanced spam/malware protection for your e-mail, since these services scan your e-mail before it arrives in your inbox. The next protection is to ensure your systems are properly patched and have next-generation malware protection. Together, these different levels of protection enhance your ability to mitigate these threats.
If you need any help with implementing a multi-level cybersecurity plan, we are here to help. Contact us.