Microsoft 365 subscribers are receiving a warning today about a phishing campaign that is impersonating DHL to trick customers into interacting with a malicious email. Attackers are using the logistics giant to add legitimacy to the emails and requesting Microsoft 365 credentials from unsuspecting victims.
The cybersecurity research team at Armorblox found the phishing campaign and published a report. According to researchers, over 10,000 emails have been sent to Microsoft 365 customers. It seems all the emails were sent to a “private education institution”.
Whether that is a school or university, it seems the target of this campaign is education users. The email is designed to look like official correspondence from DHL, including the company's branding. The email carries the title “DHL Shipping Document/Invoice Receipt” and informs the receiver that a customer has sent a parcel to the wrong address.
It asks for a correct address to be given so the recipient can receive the package. There is an attachment titled “Shipping Document Invoice Receipt”. When this is opened, there is a blurred Microsoft Excel file. A Microsoft login page then appears and requests the victim to add their Microsoft 365 account credentials.
“The email attack used language as the main attack vector in order to bypass both Microsoft Office 365 and EOP email security controls,” Armorblox explains. “These native email security layers are able to block mass spam and phishing campaigns and known malware and bad URLs. However, this targeted email attack bypassed Microsoft email security because it did not include any bad URLs or links and included an HTML file that included a malicious phishing form.”
This is a relatively professional phishing campaign due to the seeming legitimacy of the email. The attackers have done a good job of effectively mimicking DHL. They even leverage a valid domain to bypass Microsoft's email authentication checks.
Needless to say, if you are not expecting a DHL package, you should ignore any email of this nature. If you are expecting a package, remember to cover the basic phishing protection checks for any unfamiliar email. Check the sender's address, look for errors such as spelling mistakes, study the language to see if its forceful or feigning urgency, and always scan attachments from unfamiliar sources.
Tip of the day: Is your system drive constantly full and you need to free up space regularly? Try Windows Disk Cleanup in extended mode which goes far beyond the standard procedure. Our tutorial also shows you how to create a desktop shortcut to run this advanced method right from the desktop.