DHL Customers Phished Using South African Gov Website

Written by

DHL customers’ credentials are being targeted once again by phishing, according to the Comodo Threat Research Labs.

What’s unique about this campaign is that a South African government website is being hacked to host the malicious phishing URL.

Specifically, a bogus email mimics a DHL shipment notification alerting the customer to fill in the required information in order to take delivery of a parcel. However, the link provided within the email does not take the user to an official DHL website, but instead to a compromised domain of the South Africa Accreditation Authority, a government entity.

When victims click on the link, they’re redirected to a site that is an exact copy of an official DHL website. Tricked customers may end up complying with payment requests and could ultimately end up with a system-wide infection.

“It’s a clear example of how compromised government assets may be utilized in phishing attacks targeting citizens. No organization or company is secure enough, unless the necessary measures are taken. Government assets are no exception,” said Fatih Orhan, director of the Comodo Threat Research Labs, in an alert.

DHL is warning its customers. A statement on the DHL website reads: “Attempts have been made to defraud Internet shoppers by the unauthorized use of the DHL name and brand via email communications and graphics which appear, on the surface, to have originated from DHL. In most cases the communications concern the sale of consumer goods over the Internet where payment may be requested before the goods are delivered. Please be advised that DHL does not request payment in this manner. DHL only collects money due for official DHL related shipping expenses.”

Photo © Lucian Milasan/Shutterstock.com

What’s hot on Infosecurity Magazine?