Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts warn of deliveries scams that use a COVID-19 theme

Kaspersky experts uncovered a new wave of phishing scams that use a COVID-19 theme and impersonate shipping carriers, including FedEx, UPS, and DHL. The COVID-19 outbreak is forcing people to work from home and make shopping online causing a consequent increase in the number of home deliveries. Crooks are attempting to exploit the crisis and […]

DHL COVID-19 phishing

Kaspersky experts uncovered a new wave of phishing scams that use a COVID-19 theme and impersonate shipping carriers, including FedEx, UPS, and DHL.

The COVID-19 outbreak is forcing people to work from home and make shopping online causing a consequent increase in the number of home deliveries. Crooks are attempting to exploit the crisis and are carrying out scams using COVID-19 delivery issues as a lure in the attempt to trick victims into visiting malicious links or open malicious attachments.

Kaspersky observed COVID-19-themed phishing scams that impersonate popular shipping carriers such as FedEx, UPS, and DHL.

One of the messages detected by Kaspersky impersonated DHL and informs the recipient that a package was being held due to the Coronavirus lockdown. The message urges the users to apply necessary corrections to the document in attachment. Upon opening the shipping document, the infection process will start and will install the Bsymem Trojan.

DHL COVID-19 phishing

Some of the emails used in the campaigns inform the victims of delivery delays, experts also noticed that the bottom of the message includes a statement that it was scanned by a mail security solution and that its content is secure.

Similar attacks employed messages that pretend to be from FedEx and inform users that a package is being held at the warehouse due to the COVID-19 lockdown. The emails urge the recipient to click on a malicious link to unlock the delivery and reschedule for pick up. Experts also discovered a similar campaign using UPS phishing scams.

“Spammers may pose as delivery service employees to persuade victims to open malicious e-mail attachments. The classic trick is to say that to receive a package that’s come in, the recipient must first read or confirm the information in an attached file.” reads the analysis published by Kaspersky.

“For example, a fake delivery notification e-mail in broken English says that a parcel cannot be delivered because of the pandemic, so the recipient needs to come to the warehouse and pick it up in person.”

Kaspersky experts also found phishing messages that pretend to be from UPS customer service and state that a package is being held for pick up due to the pandemic.

Kaspersky researchers recommend users to pay close attention to the wording and grammar of any emails they receive and to look carefully at the sender’s address.

Experts also urge to avoid opening attachments in e-mails from delivery services that urge the recipient to take action, in a similar way do not click on any embedded link. Install a reliable security solution that detects block phishing messages and access to phishing websites.

Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
https://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – phishing, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]