DHL is a German logistics company providing courier, package delivery and express mail service, which is a division of the German logistics firm Deutsche Post. The company group delivers over 1.6 billion parcels per year.
During our PreCrime internet scout of October 12th 2022 we identified suspicious markers across multiple vectors. One of those was this website spoof that could be targeting unsuspecting users.
This domain is one among many targeting DHL at the moment. According to CheckPoint, DHL was the most imitated brand in Q3, where the they accounted for 22% of all phishing attempts globally.
This aligns with a statement issued by DHL in June 2022, where they announced that they are “currently the target of a major global scam and phishing attack”.
In general companies such as FedEx, Netflix and DHL are popular targets for brand impersonation due to their trusted name as well as large and global customer base. DHL will most likely see a continued increase in scams targeting their brand in the coming months as they did last year in Q4 with holidays such as Black Friday, Cyber Monday and Christmas coming up. During these holidays we generally see an increase in online purchases and package deliveries, giving threat actors a higher chance of succeeding in impersonating companies like DHL. Therefore, customers should stay vigilant and always use the legitimate domain dhl.com when checking their parcels.
When clicking on continue :
The malicious domain, international-package.pubchaplin[.]it created October 10, 2022, has been targeting DHL (dhl[.]com), a market leading German logistics company that delivers billions of parcels worldwide every year.
At Bfore.Ai, we work daily to ensure these phishing attacks get stopped before even reaching their targets. We are here to make your internet journey safer than it has ever been.
With more than 30K new malicious indicators per day we got you covered no matter where the attack comes from. Only 0.05% false positive rate, stop wasting time in false alerts chasing. By launching our PreCrime and PreEmpt technologies, we measure our anticipation from an attack starting, faster than attackers.
Accepting that the only defense is good detection, is accepting to be forever a victim. We believe in prevention more than response. Visit our website for more information !
Every day, adversarial tactics become more collaborative, technologically advanced, and rapid - and at this rate, you simply can’t afford to wait for the next attack before you react. Here are some recommendations from our team :
This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses be exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Bfore.Ai) is ultimately responsible for assessing and meeting Client's own compliance responsibilities. This report does not constitute a guarantee or assurance of Client's compliance with any law, regulation or standard.