SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
DHL phishing email drops malicious .exe file on curious victims
Tue, 24th Jan 2017
FYI, this story is more than a year old

Another phishing email is doing the rounds in Australian inboxes, and this time it's a fake email that appears from trusted courier company DHL.

Experts at MailGuard picked up on the scam in a blog post, which described that the fake email appears to contain details about a package being sent to the victim.

MailGuard says the email, sent from “DHL-Services Notification” contains an attachment with the ‘details', but it is actually a malicious Trojan.

That Trojan is not a word document or PDF; it is an automatically executable .exe file that can monitor infected systems and potentially steal sensitive information.

MailGuard says those infected with the malware may not know they have been targeted until later when their details and bank accounts have been stolen.

The company says that DHL, Fedex and Australia Post are popular targets for scammers, as they are seen as trustworthy organisations with large customer bases. Victims are also curious about potential parcels coming their way, which makes them susceptible to clicking on fake emails.

MailGuard suggests that users trash emails that:

Don't address you by name, use poor English or leave out crucial details that genuine senders would provide, such as tracking IDs

Are from senders you do not expect to receive emails from

Have attachments or downloads, especially those with .exe file extensions

Send you to a website that does not match the URL the email is supposed to be from.