Some have grown used to seeing a wave of phishing campaigns in their email spam folder that they have become quick to ignore these messages and delete them for good. But a new email forgery that is purported to come from shipping company DHL might make you pause a bit and read it.
Beware, this is just another of those phishing campaigns that deserve to be consigned to the trash forever.
A typical phishing email normally contains alleged invoices, notifications, even solicitations. Richard Clayton, a researcher at the University of Cambridge, found a new kind of spam email that has a somewhat unique way of launching its attack.
The fake delivery notification appears to be genuine in that it has the DHS logo on top of the message that adds a feel of legitimacy to it. Furthermore, this is not your typical spam message with all the grammatical errors and faulty English.
The email tries to lure the recipient into downloading and opening an attachment before he or she will be able to claim the delivery at the local post office. The message then displays a blurred screen, which tickles your curiosity furthermore. It is allegedly for security purposes, and in order for you to open the attachment you will be asked to click and open a link.
If you open the link, you will be redirected to a strange website that would ask you to enter your credentials to log in and view the complete file attachment. Behind doors, the website actually scrapes off your email address and password.
It’s a shame that at present email providers are still unable to filter out this kind of spam messages. Email providers need to develop more intelligent filters that would identify links contained in email files that lead to malicious websites. This may take some time to accomplish, but if you are serious about security, the investment is worth it.
The level of phishing sophistication has escalated as users and security systems have grown more alert in detecting phishing campaigns. Cyber criminals, in return, have exerted more effort to level up as well. They are now working beyond just bypassing security filters. They are trying, and with much success, to get their messages to the hands of the intended victims.
Internet companies, however, do not lack in efforts to warn users of this campaign. But users click on unknown files anyway no matter the risk that lies ahead. So what is needed also is proper training and education for users.