Cybercriminals abuse concern about your deliveries to grab your credentials
According to researchers at email security company Avanan, an unnamed malicious actor has launched a new phishing campaign posing as delivery company DHL.
The principle is simple: the victim receives an email message that looks like it was sent by DHL, informing them of a package that could not be delivered to their address. The person is then asked to log into their account to reschedule the delivery.
As is usual with phishing e-mails, the "login link" is provided in the e-mail. However, the victim is not redirected to the actual DHL website, but to a fake, almost identical copy.