Post-Holiday Delivery Phishing Campaigns Seek to Infect Your Devices with Malware


Bitdefender Antispam Lab has observed a spike in phishing campaigns impersonating popular delivery services that seek to lure consumers into downloading malicious files on their devices.

Email-based attacks that exploit trusted delivery companies have increased by 30% since January 10, compared to the holiday season.

As usual, threat actors mimic well-known delivery services such as DHL, TNT, FedEx, and UPS, sending out fake shipping notification emails that urge recipients to review or access attachments in order to confirm and verify invoices or home addresses.

On January 18, 61% of all incoming correspondence appearing to come from DHL was marked as spam. Overall, nearly 30% of all spam received relating to the delivery service was either a phishing attempt or had malicious attachments.

Most messages include company logos, fake tracking numbers, or invoices that add credibility to their deceit. They claim that your parcel delivery is pending, and use various excuses to compel you to access the attachment, such as an incorrect delivery address, COVID-19 safety rules, or the claim that you were unreachable at the provided address.

The ongoing phishing campaigns prey on the recipient’s curiosity regardless of whether they are expecting a package or not. A user’s carelessness can be fatal in mere seconds, as they only need to access the attachment to get infected. Ransomware attacks are still going strong, as they have proven to be a highly profitable business for threat actors seeking to make easy money.

Besides ransomware, attachments also include remote access Trojans. Once executed, they will allow the attackers to control the user’s system, harvest credentials, or deploy other forms of malware on infected devices.

Remember, nothing’s personal. Each recipient is just another number in the victim pool that may or may not fall to their gimmick.

Delivery phishing emails to look out for

Impersonating DHL delivery services is a fan-favorite among threat actors. Bitdefender Antispam Lab has picked up three versions of DHL phishing emails exhibiting different particularities and diversions to entice recipients into accessing a malicious attachment or link.

Sample 1. DHL phishing email

Sample 2. DHL phishing email

Sample 3. DHL phishing email

Emails pretending to come from the FedEx express, courier, and delivery service show little sign of effort, with most messages kept short and simple. This tactic is, of course, deliberate, ensuring that the recipient will be tempted to access the attachments to receive additional information.

Sample 4. FedEx phishing email

In one version of the scheme, a FedEx representative alerts recipients that due to strict COVID-19 safety rules, they must personally visit their local delivery office and bring the printed version of the attached AWB to pick up the package.

Sample 5. FedEx phishing email

UPS and TNT phishing emails were also spotted. Emails with the subject line “Shipment Arrival Notification Consignment” contain links and attachments that, once accessed, will infect recipients’ devices with malware and credential-stealing Trojans. Other emails may refer to a specific shipment, providing the customer with a fake tracking number.

Sample 6. TNT phishing email

Sample 7. UPS phishing email

How to protect against delivery phishing scams

The frenzy surrounding holiday season shopping may have ended, but citizens are still conducting most of their shopping online. Therefore, it’s not surprising that cybercriminals continue to recycle old ruses or develop new means for duping the population.

To help protect against delivery phishing attacks, users can follow a simple set of rules:

  • Be suspicious of unexpected messages from popular delivery companies
  • Check the sender’s address for any slightly altered domain addresses
  • Never provide personal information or payment via online forms or links
  • Never follow the links provided in the email, but visit the shipping company page directly and look for official contact information to enquire about the correspondence or package delivery details
  • Check for spelling mistakes and grammatical errors even if the email looks legitimate
  • Install a security solution on your device to safeguard your private data against new and existing threats
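
The rule above about checking the sender’s address for slightly altered domains can be automated in a mail filter or triage script. The following is an added example, not Bitdefender code: the brand-to-domain table, the verdict names, and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the official domains of the four brands the article names.
BRANDS = {"dhl": "dhl.com", "fedex": "fedex.com", "ups": "ups.com", "tnt": "tnt.com"}
CONFUSABLES = str.maketrans("01", "ol")  # digit-for-letter swaps seen in lookalikes

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify a From: header value; returns (verdict, brand or None)."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    base = ".".join(domain.split(".")[-2:])  # naive registrable domain
    for brand, official in BRANDS.items():
        # From: is trivially spoofable, so this is not proof of authenticity;
        # SPF/DKIM/DMARC results still have to pass.
        if base == official:
            return ("official-domain", brand)
    folded = domain.translate(CONFUSABLES)
    folded_base = ".".join(folded.split(".")[-2:])
    tokens = re.split(r"[.\-]", folded)
    for brand, official in BRANDS.items():
        # Brand as a label/token (dhl-parcel.example) or one edit away (fedx.com).
        if brand in tokens or edit_distance(folded_base, official) <= 1:
            return ("lookalike-domain", brand)
    name_tokens = re.findall(r"[a-z0-9]+", name.lower())
    for brand in BRANDS:
        if brand in name_tokens:
            return ("display-name-mismatch", brand)
    return ("unrelated", None)

# Constructed sample headers, not taken from the campaigns described above.
SAMPLES = ['"DHL Express" <noreply@dhl.com>', "DHL <tracking@dh1.com>",
           "FedEx Delivery <awb@fedex-parcel.example>",
           "UPS Shipment <billing@mail.example.net>"]
if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

The last-two-labels shortcut misjudges multi-part suffixes such as `.co.uk`; a production filter would consult the Public Suffix List instead.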