Security researchers have observed a big spike in the setting up of fake sites and e-mail addresses by cyber criminals to impersonate popular delivery services in the middle of the shipping crisis and lure Internet users to download malicious files in their devices.
In a blog post published Monday, security firm Kaspersky said it has observed cyber criminals posing as employees of popular delivery services in emails to trick recipients into downloading malicious files into their devices. For example, a fake delivery notification e-mail informs recipients that parcels can not be delivered, that they have to collect their parcels from the warehouse, and that the warehouse address and other details are mentioned in an attached document.
The firm found that if a recipient opened the malicious e-mail attachment, it installed a Remcos backdoor on the computer to either exfiltrate stored data or to make the PC join a botnet. Cyber criminals behind the phishing campaign are also inserting images of documents in emails to add credibility, instill a sense of urgency among recipients and are also using the Bsymem Trojan to take control of devices and steal data.
Following are some themes cyber criminals are using to lure Internet users to download malicious attachments into their computers:
- Inserting images of documents in a message to add credibility
- Requesting additional information from customers to deliver packages
- Asking users to collect parcels from a warehouse and including details in a malicious attachment.
- Inserting statements in emails that mention that attachments are scanned by a mail security solution and found to contain no malicious files or links.
- Mentioning COVID-19 and focussing on quarantines and the rapid spread of the pandemic in emails.
Aside from sending fake emails in the name of popular delivery services, cyber criminals have also set up highly believable copies of legitimate websites as well as fake tracking pages that replicate official homepages of legitimate websites. These fake websites contain little information other than a form for entering credentials and a list of “partner” e-mail services.
How can Internet users protect themselves from such phishing scams?
According to Kaspersky, no matter how legitimate the fake websites or phishing emails appear, Internet users can protect their devices from malware infection by practicing recommended cyber hygiene norms such as:
- Checking email addresses carefully as well as formatted text and grammar for anomalies
- Not downloading or opening email attachments. Rather, users should log in to their personal accounts on couriers' websites to check for new updates.
- Not to fall for emails that exploit coronavirus to instill a sense of urgency
- Installing a reliable security solution that detects malicious attachments and blocks phishing websites.
"One of the most common phishing scams is to use a delivery shipment as the subject of the email. The end user is curious about the package or if they are currently expecting a delivery. Our human nature sparks our curiosity of wanting to know about that delivery," says James McQuiggan, a security awareness advocate at KnowBe4.
"With these delivery phishing scams, it's crucial not to rely on the link in the email. It's a lot more reliable to copy the shipping or tracking number from the email and paste it on the actual websitem as the tracking information will be located on the home page in most cases. This quick check reduces the risk of trying to see if the link is valid or not. If the search comes up with a package, then you can verify it has come to your organisation or home.
"Unfortunately, the phishing scams relating to COVID-19 are not going away anytime soon, as criminals work to leverage everyone's fears about it, especially regarding any supply chain concerns for an organisation. They can protect their employees by providing security awareness and training to educate them on the risks and help them to identify any phishing emails and report them to their IT team," he adds.
ALSO READ: Hackers impersonating emails from banks to spread malware to customers’ devices