Cybercriminals abuse concern about your deliveries to grab your credentials

According to researchers at email security company Avanan, an unnamed malicious actor has launched a new phishing campaign posing as delivery company DHL.

The principle is simple: the victim receives an email message that looks like it was sent by DHL, informing them of a package that could not be delivered to their address. The person is then asked to log into their account to reschedule the delivery.

As is usual with phishing e-mails, the "login link" is provided in the e-mail. However, the victim is not redirected to the actual DHL website, but to a fake, almost identical copy.

If the victim actually tries to log in there, the data is sent to the attackers' command-and-control (C&C) center.

(Credit: Franziska Schaub, Sead Fadilpasic at TechRadar)

Please contact us directly if you have any questions related to your packages, which were shipped by Deallez!