sircles.net Computer Support The sircles IT blog | Re: Hard Copy Sent - DHL Express Spam Warning!!

Twitter Feed Popout byInfofru

The sircles IT blog Internet Safety & Security, Windows Tweaks and Server Fixes

Re: Hard Copy Sent - DHL Express Spam Warning!!

18. December 2018 15:56 by sircles in Internet Security, Phishing
Re: Hard Copy Sent - DHL Express Spam Warning!!   We have seen this email circulating today in

Re: Hard Copy Sent - DHL Express Spam Warning!!

 

We have seen this email circulating today in ether:

 

From:                                                       Express Delivery <crossocean-delivery@express.com>

Sent:                                                         18 December 2018 11:10

To:                                                            Support

Subject:                                                   Re: Hard Copy Sent

 

 

DHL Express

 

Consignee Notice:

Dear Consignee (email@domain.com),

be informed that the information on your parcel label is incomplete, and this might result in parcel being impounded or delay in dispatch . please do review parcel details and reprint all required documents on time.

Parcel Documents

Download | Preview

Package Details:
1. BILL OF LADING
2. CERTIFICATE OF ORIGIN


Regards
DHL International


2018 © DHL International GmbH. All rights reserved.

 

The 'Parcel Documents' link actually points to http://coredelivery.ml/cross-delivery/dhl-com?email=email@domain.com

And 'Preview | Download' points at: http://coredelivery.ml/cross-delivery/dhl-com?email=email@domain.com too.

The website has already been marked as deceptive by Google and Microsoft and so it is nothing too much to worry about.

The link simply populates your email address in their login fields:

Whereupon they will download your email and try and access secure sites using your information or other blackmail etc.

Our example originated at: Express Delivery <crossocean-delivery@express.com>  but they will be arriving from all over...

Mark the email and site as dangerous.

We have informed the hosting company as this is not just a hacked subdirectory, but a full website.

 

 

 

Add comment