As reported by Check Point in October 2022, DHL is the brand most imitated by criminals attempting to phish credentials and payment information during Q3 of 2022.
The scam typically dupes the victim into paying a small amount in order to allow a shipment to be delivered to them. Since the amount is tiny, often $2-3, the victim does not fear a great loss from making such a payment – after all, they are getting something delivered via DHL…..right?!
How exactly does this scam work?
First, the victim gets an email that contains a teaser like this:
The link in this example, slightly modified of course, seems to have a campaign ID or similar and terminate with the victim’s email address. After all, you want to know how effective your campaign is as a criminal:
Clicking the link bounces you off that compromised host onto a DHL look-a-like site where you are encouraged to begin entering your information:
Of course this information is not enough, the key to this scam is getting the credit card, expiry and CVV2 to run cardholder-not-present transactions:
The website look and feel is completed by the footer. If anyone actually tries calling 1.800.GoDiePost (1.800.463 3339), they will be amused as it is the Canadian FedEx Customer Service number. The criminals either have a sense of humour or want the victim to waste their time (and FedEx’s time) on a wild goose chase.
In the meanwhile, the crooks have the card number, CVV2 and enough personal information to go shopping.
The moral of the story is that these phishing campaigns do seem plausible, they do have a reasonable look and feel, logical user journeys and possibly come with a plausible flaw in the SMS not being delivered. Many people will fall for it, get no package and only realise when their next credit card statement arrives.