A scam based on a fake DHL delivery notification has been making the rounds, with the malicious actors using a new, mellow approach to conning people out of their information.
Delivery notification scams themselves are not new, but Sophos’ team came across a version using a well-constructed, yet still flawed, DHL message that uses a bit of reverse psychology. Instead of filling the email with lots of exclamation points and dire messages, it calmly informs the recipient that a package is on the way and can be tracked by clicking the included link.
If the victim decides to click through, he or she is presented with a good representation of a DHL tracking page that asks for the person’s login credentials. If these are entered, the bad guys obtain credentials to access the DHL account, and they can also check whether the victim is among the many who use the same username and password for other accounts.
There are a couple of missteps in both the email and the fake tracking page. Hovering over the link in the email shows it does not lead to a DHL site, but instead to a web server belonging to a Bahrain-based construction company that was hacked and taken over by the criminals.
The same problem appears on the fraudulent tracking page. The URL does not in any way relate to the shipping company, nor is it secure, Sophos said. Foolishly, the threat actors in this case made a second error by not using the hacked server’s HTTPS certificate in their scam, creating another way to tell it is malicious.