Attackers are Using Shipment-Delivery Scams to Lure Victims to Install Trickbot

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

 

Researchers discovered that threat actors are increasingly deploying scams that impersonate package couriers such as DHL or the United States Postal Service in authentic-looking phishing emails to trick victims into downloading credential-stealing or other malicious payloads. Separately on Thursday, researchers from Avanan, a Check Point firm, and Cofense identified current phishing scams that involve malicious links or attachments aimed at infecting computers with Trickbot and other harmful malware.
Researchers stated that the campaigns each relied on trust in commonly used shipping methods, and on employees’ familiarity with receiving emailed documents linked to shipments, to try to provoke further action that would let the attackers hack corporate systems.
The emails used to send Trickbot in recent delivery service-related campaigns included official USPS branding as well as features such as third-party social-media logos from Facebook, Instagram, LinkedIn, and Twitter, “to make the email look even more credible,” researchers said. The emails, however, have a sender address that is entirely unrelated to the USPS, which might easily have alerted a recipient to their malicious intent, they said.
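The sender-address mismatch the researchers point to can be checked mechanically at the mail gateway. The following is an added example, not code from the article or from the researchers: it flags messages whose display name or subject names a courier while the From domain is not one of that courier's domains. The domain lists and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand legitimately sends from; tune to your own mail history.
BRAND_DOMAINS = {
    "usps": {"usps.com", "usps.gov"},
    "dhl": {"dhl.com"},
}

# Constructed sample messages (not taken from the campaign).
SAMPLE_PHISH = (
    "From: USPS Delivery <notify@mail.example.net>\n"
    "Subject: Your USPS invoice is ready\n\nSee the attached invoice.\n"
)
SAMPLE_LEGIT = (
    "From: USPS <auto-reply@usps.com>\n"
    "Subject: USPS tracking update\n\nYour package is on its way.\n"
)


def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one.

    Suffix matching requires a leading dot, so 'usps.com.example.org'
    and 'notusps.com' do not pass as 'usps.com'.
    """
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def brand_mismatches(raw_message):
    """Return the brands named in the display name or subject whose
    legitimate domains do not cover the From address domain."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]  # empty when From is missing or malformed
    # Split on non-alphanumerics so 'USPS_invoice' still yields the token 'usps'.
    tokens = set(re.findall(r"[a-z0-9]+", f"{display} {msg.get('Subject', '')}".lower()))
    return sorted(
        brand for brand, allowed in BRAND_DOMAINS.items()
        if brand in tokens and not domain_allowed(domain, allowed)
    )


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, brand_mismatches(raw))
```

A hit is a triage signal rather than a verdict, since legitimate third-party senders also mention courier names; it is best combined with SPF, DKIM and DMARC results for the same message.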
If the bait works and a user clicks on the link to the alleged invoice, they are routed to a domain that downloads a ZIP file, hxxps:/www.zozter[.]com/tracking/tracking[.]php. The unzipped file is an XLSM spreadsheet called “USPS_invoice_EA19788988US.xlsm” that requires editing due to document protection — a common approach used in fraudulent e

[…]