A particularly vicious phishing campaign is currently circulating on the web. To harvest the personal information of their victims, hackers pose as the DHL delivery service. In the email sent to them, there is a QR code that leads to the malicious page, which avoids going through a suspicious link.
On the web, parcel scams are legion. There are many excuses to extract personal information and bank details from victims: whether it’s false customs charges or an alleged delivery rescheduling, hackers often use their imagination to achieve their end. Only here, very often, the pot of roses is discovered by the most skeptical because of the suspicious link that accompanies the operation.
Nevertheless, new hackers seem to have found the solution to this problem. In a recent blog post, Kaspersky unveils a phishing operation impersonating the DHL delivery service. The method itself is relatively classic: hackers send an email to their victim, claim that a package could not be delivered to them and therefore ask the recipient to reschedule delivery.
Hackers use a QR code to camouflage their phishing operation
Where this phishing campaign stands out is the famous link to the malicious site. Rather than copying it directly into the body of the email or hiding it behind a button, the hackers decided to use a QR, asking their victim to scan it with their smartphone. The scheme may already seem suspicious: why the hell use your smartphone to go to a site when you are already on your PC?
On the same subject — URSSAF: beware of this phishing campaign that wants your bank account
That being said, in the event that the victim does not ask this question, the technique turns out to be devilishly effective. By forcing the victim to view the phishing site on their smartphone, hackers take advantage of the smaller screen to hide any imperfections in their storefront. In addition, thanks to the QR code, they manage to slip through the cracks of the security systems.
Otherwise, the site works the same way as the others. After asking for the name, first name and address of the victim, the hackers go on the offensive by asking for the bank details. Kaspersky notes, however, that this campaign could also be used by them to resell the personal data collected.
Source: Kaspersky