As online shopping has quickly become the norm over the last few years, cybercriminals now frequently use fake delivery notifications as bait in their scams.
This makes sense, as frequent online shoppers may forget about a package or miss a call from a courier like FedEx or UPS.
According to a new blog post from the cybersecurity firm Kaspersky, a new phishing scam impersonating DHL is currently making the rounds online. However, what sets this campaign apart is how the cybercriminals behind it are using QR codes to avoid detection.
Just like with other phishing campaigns, this one begins with an email that appears to come from DHL. While the sender’s email address is a random set of words (a red flag to look out for), the body of the email is quite convincing and includes the company’s logo along with a fake order number and the receipt for a package.
The message itself explains that an order has arrived at the recipient’s local post office but the courier was unable to deliver it in person. Usually these types of phishing emails would feature a link to “resolve the issue” but this time the cybercriminals responsible have used a QR code (complete with the DHL logo) and for good reason.
All of the best email services automatically scan for malicious links in messages that can lead to phishing sites or malware. However, many of them can’t yet scan for malicious QR codes which is why cybercriminals have begun using them more…
