top of page

Cybercriminals abuse concern about your deliveries to grab your credentials

According to researchers at email security company Avanan, an unnamed malicious actor has launched a new phishing campaign posing as delivery company DHL.

The principle is simple: the victim receives an email message that looks like it was sent by DHL, informing them of a package that could not be delivered to their address. The person is then asked to log into their account to reschedule the delivery.

As is usual with phishing e-mails, the "login link" is provided in the e-mail. However, the victim is not redirected to the actual DHL website, but to a fake, almost identical copy.