A new email scam is making the rounds — this time, cybercriminals are impersonating parcel delivery companies in Australia.
When busy shopping periods take place, such as right after the holidays or coming up on Valentine’s Day, it doesn’t take long before the fake delivery emails start reaching unsuspecting consumers. Craig McDonald, CEO of MailGuard, joined this week’s Hacker Tracker to provide some insight into how fraudsters perpetrate phishing email scams and how trusted brands can prevent their name from being dragged through the cyber mud.
Making Consumer Trust Pay Off
Unfortunately for both consumers and the businesses they trust, email phishing scams have become a go-to and very successful attack method for cybercriminals.
This is notably because creating an email impersonating a trusted company is easier today than ever, which makes it an effective way for fraudsters to exploit customer loyalty and the large customer bases of big brands.
McDonald explained that many popular brands already have a readymade audience of recipients who are likely to have a trusted relationship with the company. Research from Google and the University of California found that cybercriminals pretty much have an instant foot in the door when impersonating well-known and well-liked brands. More than 25 percent of the customers surveyed have opened phishing emails, while a well-executed phishing landing page can have a success rate of as much as 45 percent.
It’s no wonder hackers just keep phishing.
Recently, MailGuard noted a rise in fake emails mimicking package delivery service DHL and impacting customers in Australia. The email messages in question contain an attachment with details about a package that has been shipped to the recipient, but when the attachment is clicked, it executes a malicious Trojan downloader.
The file has the ability to monitor activity on the affected system and possibly even steal passwords and bank account information, MailGuard explained in a blog post.
The sender of the fake message appears to be “DHL — Services Notification” but actually originates from a comprised inbox. Unfortunately, once the system is infected by the malware, it could be weeks or even months before victims realize their information has been compromised.
“Delivery notification email scams are incredibly ubiquitous because they have a high success rate,” McDonald told PYMNTS.
“They work on two fronts: leveraging the brand recognition built up by big names, such as DHL, and appealing to people’s curiosity. By pretending to be a parcel deliverer such as Australia Post, Fedex or DHL, they hope people will click the malicious link to find out if they have something arriving in the mail. When the victim clicks, their computer is instantly compromised,” he said.
While phishing email scams may seem quick and dirty, McDonald said the reason they work so well is because cybercriminals take time and effort perfecting their plan of attack.
Just one phishing email could actually be the result of months of planning. MailGuard observed an Australia Post scam last month that almost perfectly mimicked the real site, McDonald explained, right down to its responsiveness.
“We’re seeing these people outsource the work to expert hackers — cybercrime as a service, as it’s now known,” he added.