Microsoft users are receiving emails that purport to be from mail couriers FedEx and DHL – but that really steal their credentials. Recent phishing attacks have been found to target at least 10,000 Microsoft email users; both scams aim to swipe their work email credentials. They also use phishing pages hosted on legitimate domains, including Quip and Google Firebase, which allows the emails to slip past email security filters.
The email subject lines, sender names and content did enough to mask their true intentions, with victims fooled into thinking the emails were really from FedEx and DHL Express. Depending on the content of the email, such as a notice that action is required on a missed DHL delivery, most users may well take quick, urgent action on these emails instead of studying them in detail for any inconsistencies.
The FedEx email contained some information about a ‘missed’ document to make it seem legitimate, such as its ID, number of pages and type of document, alongside a link to view the supposed document. If the recipients clicked on the link, they would be taken to a file hosted on Quip, a free tool for Salesforce that offers documents, spreadsheets, slides, and chat services.
This page contained the FedEx logo and was titled, ‘You have received some incoming FedEx files.’ It included a link for victims to review the document, which would then take them to a phishing page that resembled the Microsoft login portal and was hosted on Google Firebase, a platform cyber criminals have found helps them evade detection. If a victim enters their credentials on the page, the login portal reloads with an error message asking the victim to enter correct details, which could help attackers harvest further email addresses and passwords.
The DHL scam was similar and attempted to phish users' Adobe credentials with a fake login page to view a PDF document. The number of consumers using delivery services such as DHL and FedEx for online shopping is at an all-time high due to COVID-19. Businesses are continuing to use the services too, which makes both of these phishing emails particularly viable threats to companies.
If your business receives any email communications that claim to be from a delivery service, it is always worth checking with anybody within the company who uses delivery services to send/receive items from customers or suppliers. For example, your business might receive communications from FedEx, but it has never used FedEx! One check could save the entire business's email account credentials from being stolen.
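The same check can be partly automated at the mail gateway or in a triage script. The following is an added example, not taken from the campaigns' reporting or from any vendor: it flags a message whose sender name or subject claims a courier brand while the sending domain is not the brand's, or while its links point at shared hosting such as Quip or Firebase. The brand domains, the hosting suffixes and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed legitimate domains for the two brands named in the article; adjust to
# the domains your couriers really mail from.
BRAND_DOMAINS = {"fedex": "fedex.com", "dhl": "dhl.com"}
# Quip and Firebase are named in the article; these suffixes are assumptions.
SHARED_HOSTS = ("quip.com", "firebaseapp.com", "web.app")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def body_text(msg):
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email):
    """Return a list of reasons the message looks like courier impersonation."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body_text(msg))}
    reasons = []
    for brand, domain in BRAND_DOMAINS.items():
        if not re.search(rf"\b{brand}\b", claimed):
            continue
        if not in_domain(sender, domain):
            reasons.append(f"claims {brand} but sent from {sender}")
        for host in sorted(hosts):
            if any(in_domain(host, s) for s in SHARED_HOSTS):
                reasons.append(f"claims {brand} but links to shared host {host}")
    return reasons

# Constructed sample modelled on the FedEx lure described above (not a real message).
SAMPLE = """From: "FedEx Delivery" <notify@mail.example.net>
To: user@example.com
Subject: You have received some incoming FedEx files
Content-Type: text/plain; charset=utf-8

Document ID: 0000 (constructed). Review: https://quip.com/EXAMPLEDOC
"""

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print(reason)
```

A hit is a reason to quarantine the message for review rather than proof of phishing, since legitimate mail can also link to shared hosting.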