10K Phishing Emails Distributed Posing as Mail Couriers

According to Threatpost, researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers – including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials. They also used phishing pages hosted on legitimate domains, including those from Quip and Google Firebase – allowing the emails to slip by security filters built to block known bad links.

Phishing Scam Posing as Mail Couriers

“The email titles, sender names and content did enough to mask their true intention and make victims think the emails were really from FedEx and DHL Express respectively,” said researchers with Armorblox on Tuesday. “Emails informing us of FedEx scanned documents or missed DHL deliveries are not out of the ordinary; most users will tend to take quick action on these emails instead of studying them in detail for any inconsistencies.” The phishing email spoofing American multinational delivery services company FedEx was entitled, “You have a new FedEx sent to you,” with the date that the email was sent.

This email contained some information about the document to make it seem legitimate – such as its ID, number of pages and type of document – along with a link to view the supposed document. If the recipients clicked on the email, they would be taken to a file hosted on Quip. Quip, which comes in a free version, is a tool for Salesforce that offers documents, spreadsheets, slides, and chat services.

SpearTip’s ShadowSpear® Platform defends against phishing attacks by blocking malware from getting to machines. If you or someone in your organization clicks a malicious link like what is described above, ShadowSpear® immediately alerts our engineers and blocks the malicious executables from performing on your machines. In addition to the blockage, ShadowSpear® allows for continuous email monitoring.

It’s vital your employees are aware of what a phishing email looks like and have the ability to identify it. Most cyberattacks begin with non-technical end-users clicking something they are not privy to. However, the best way to stop cyber threats is to invest in SpearTip’s proactive services.

SpearTip’s cyber professionals continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.