Cybercriminals are abusing Christmas delivery anxiety to harvest your credentials

Cartoon Phishing
(Image credit: Shutterstock / DRogatnev)

Cybercriminals are capitalizing on Christmas delivery anxiety in an attempt to steal email addresses, account passwords and other valuable information, experts have warned. 

According to researchers from email security firm Avanan, an unnamed malicious actor has kicked off a new phishing campaign, impersonating deliver company DHL.

The premise is simple: the victim receives an email message that looks like it was sent by DHL, alerting them to a package that could not be delivered to their address. The person is then invited to log into their account, in order to rearrange delivery.

As usual with phishing emails, the “login link” is provided within the email. However, instead of redirecting the victim to the actual DHL site, it sends him to a fake, almost identical copy. 

There, should the victim actually try to log in, the data is sent to the attackers’ command and control (C&C) center. 

Abusing the holidays

According to Avanan analyst Jeremy Fuchs, the campaign started in November, just in time for the holidays. He argues that whoever is behind the attack has timed the campaign to fall between Black Friday and Christmas, at a time when most online shoppers will be expecting deliveries.

The researcher also claims there’s a reason DHL was chosen, of all shipping companies; it’s the third-most impersonated brand, and delivers packages across the globe. As consumers “broadened their purchasing horizons” this holiday season, a DHL package is more believable, Fuchs claims.

The Covid-19 pandemic could also factor into the equation. The pandemic has wreaked havoc across supply chains all over the world, delaying shipments, leaving brick-and-mortar stores with empty shelves, and causing a scramble for new tech gear ahead of Christmas.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.