National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

Η Εθνική Ομάδα Αντιμετώπισης Ηλεκτρονικών Επιθέσεων προβλέπει την αύξηση της ηλεκτρονικής ασφαλείας ενισχύοντας την προστασία του κυβερνοχώρου των Εθνικών Κρίσιμων Πληροφοριακών Υποδομών, των τραπεζών και των παροχών επικοινωνίας της Κυπριακής Δημοκρατίας.

Fake Fedex and UPS delivery issues used in COVID-19 phishing

28 Απριλίου 2020

As people socially isolate and work from home, shopping online and home deliveries have increased.

Scammers are capitalizing on this by creating new scams using Coronavirus delivery issues as a lure to get people to visit malicious links or open malware.

In a new report by Kaspersky, researchers see a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL.

Package delivery phishing use Coronavirus lures

In one of the emails seen by Kaspersky, attackers impersonate DHL and state a package was being held due to the government lockdown during the Coronavirus crisis. It then prompts the users to make corrections to the attachment shipping document, which will then install the Bsymem Trojan.

Another email found by BleepingComputer pretends to be from FedEx and states that due to the Coronavirus “lock-down”, a package is being held at the warehouse. They then prompt the user to click on a phishing link to reschedule for pick up.

Last but not least, threat actors are also sending UPS phishing scams using the same theme as the one we saw with FedEx.

In emails seen by Kaspersky, attackers are pretending to be from UPS customer service and state that a package is being held for pick up due to the Coronavirus outbreak. The recipient is then prompted to open the attachment to see instructions on how to pickup the package.

This attachment is a malware executable that will download and install the Remcos Remote Access Trojan (RAT). Once infected, the attacker will have full access to the victim’s computer.

Protecting yourself from phishing emails

Since the beginning of 2020, researchers from Zscaler have seen a 30,000% increase in phishing attacks using Coronavirus lures to steal credentials or install malware.

Due to this, everyone should be extremely suspicious of any unsolicited emails they receive that mention the Coronavirus pandemic. This advice includes emails about stimulus payments, SBA loans, shipping issues, termination letters, payroll reports, and alleged information from the CDC or the WHO.

Kaspersky also recommends that you pay close attention to the wording and grammar of any emails you receive.

“Pay attention to the text. A major company will never send e-mails with crookedly formatted text and bad grammar,” Kaspersky advises.

As you can see from the DHL phishing email outlined above, the attackers didn’t even try to make the text of the message look convincing and should immediately be treated with suspicion.

Finally, Kaspersky states that you should never open attachments in emails from shipping or delivery services and should instead login directly on the carrier’s web site to check for any possible shipping issues.

In general, everyone needs to be hyper-vigilant while working from as they do not have the usual security protections in place that they would in an office environment.

The information contained in this website is for general information purposes only. The information is gathered from Bleeping Computer, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

ENISA: Cyber threats require heightened defences

#CyberSecMonth 2017 - Cyber Security in the Home