Hackers are redoubling their inventiveness to scam the customers of various companies. But parcel services, whose business continues to grow rapidly with the rise of internet shopping, remain a sector increasingly hit by cybercriminal activity, with increasingly pernicious methods designed to scam as many customers as possible.
Trustwave SpiderLabs researchers are warning of a rather formidable phishing campaign whose goal is to collect the most sensitive data of DHL customers, such as payment data and information that can then be used to steal their identity. To do this, the hackers had the effective idea of posing as the official DHL chatbot.
Beware of “official” DHL chatbots that are not official
The modus operandi works as follows: the victim receives an email stating that a DHL package is waiting for them and that further instructions must be followed via a link. If the victim clicks, they end up on a fake copy of the DHL Support Center, with what looks like a chatbot. Of course, this chatbot is very limited in what it can do, and is only intended to collect the data the hackers want.
The victim therefore quickly finds themselves handing over their official DHL credentials, all the details on their payment card, their name, their address and any other personally identifiable data that the hackers can use, for example, to take out loans in the victim's name. Apparently, the phishing page still contains some dubious elements that should raise suspicion.
For example, at one point, a page asks for an OTP code received by SMS, yet among the large number of questions aimed at collecting personal data, at no time do the hackers ask for the victim’s phone number. To get past this screen, it is then necessary to enter random codes several times.
Vigilance is therefore required to avoid falling into the trap, especially since this type of scam can be imitated and the phishing page could improve in the coming weeks, becoming more difficult to detect. The best way to protect against phishing in 2022 is to install a good antivirus like Bitdefender, which blocks known malicious domains.