Phishing couriers and fake deliveries


Scammers will ride on popular courier company brand names using phishing emails to steal from unsuspecting visitors.

My work days have recently been dominated by the new gTLDs with discussions on domain strategy for clients, and with media journalists on the cataclysmic shock many are predicting through the launch of the new TLDs. It had been a while since I received a good old phishing email. It made my day when I suddenly spotted an unsuspecting email that popped into my inbox.

Apparently I had been sent a parcel through a well-known courier company. They had tried to deliver it to me today, but as there was no one at home, the email informed me that I needed to re-arrange delivery. Nothing wrong with that, we all lead very busy lives and often deliveries come at the most inconvenient times. So with the intention of great customer experience, the company had emailed me and asked me for my re-delivery instructions. Except, it was a scam.

How do I know this? Well, firstly I hadn't ordered anything that would require a delivery from this particular courier, and then there was the email itself. It had come from the “Support Team” but when I clicked on the details tab for the sender's email, it had actually come from an email which seemed to be from an adult entertainment company. Of course it was unlikely that the courier company had also ventured into the extreme adult industry, which of course wasn't the case. I also checked the source code of the email just to see where the link would take me if I clicked on the button requesting that I arrange a re-delivery. This link took me to a website belonging to a French lawyer, which was a perfectly legitimate site.

However, buried deep in this website, unseen to the naked eye, there will be some malicious code placed inside that website by criminals who exploit a weakness in the code of the website (known as SQL injection). This malware would be downloaded to anyone’s PC without their knowledge. And from that point onwards, the cyber criminals would have another victim.

These types of emails aren’t new. Phishing has been around since banks started allowing online access to products and services. But whilst most phishing emails aim to gain personal financial details by diverting unsuspecting users to a copy-cat website, this new style of attack is much more worrying. The nature of the malicious code could be manifold. It may be designed to capture personal details through a keystroke recorder, or it may sit dormant until an instruction is sent to the infected PC to join thousands of others in a botnet to wage a Distributed Denial of Service (DDoS) attack on a corporate network. This is all whilst you sit happily continuing to use your computer, blissfully unaware of the malicious activity going on.

The courier company will probably be completely unaware that their brand is being abused in such a way; nor will the French lawyers or the adult website being used to send the emails from (their address is more than likely to have been “spoofed” to make it look like it was them sending the email if someone like me looked for the sender details).  That is the issue with these phishing attacks – they are nameless, faceless crimes which rely on our human nature to work.  But there are ways in which transport and courier brands like the one above can make sure they are at least aware of these potential cyber crimes.

As consumers we should NEVER click on any links in unsolicited emails. We should be on our guard when an email arrives promising something that we have no knowledge of. If you do know your way around email clients then click on the “view source” option and see what the URL of the link is. Make sure it matches the organization the sender claims to be. If in doubt, do nothing. A genuine message from a courier company will have a tracking number which you can enter into the legitimate courier company website and see if there is a real package at all.
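The two checks described above (who actually sent the message, and where the link actually goes) can be scripted. This is an added example, not part of the original article; the sample message, its `.example` domains, and the names `triage`, `belongs_to` and `LinkCollector` are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
From: "Courier Support Team" <promo@adult-site.example>
Subject: We missed you - re-arrange your delivery
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>We tried to deliver your parcel today.</p>
<a href="http://lawyer-site.example/redeliver">Arrange re-delivery</a>
<a href="https://www.courier.example/track">Track your parcel</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, which is what a click would open."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, brand_domain):
    """True only for the brand domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def triage(raw, brand_domain):
    """Return (display name, sender domain, list of findings) for one message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    if not belongs_to(sender_domain, brand_domain):
        findings.append(f"sender domain {sender_domain} is not {brand_domain}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for url in collector.links:
        if not belongs_to(urlsplit(url).hostname, brand_domain):
            findings.append(f"link leaves {brand_domain}: {url}")
    return name, sender_domain, findings

if __name__ == "__main__":
    print(triage(SAMPLE, "courier.example"))
```

A sender domain that matches proves nothing on its own, since the address can be spoofed; it is the mismatch that is the useful signal.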

As a company, a brand protection strategy, such as the NetNames Search Find Stop approach, will help you identify where your digital online assets are being abused online. Whether it is negative sentiment posted on forums and social media, or fake websites selling counterfeit goods, or phishing attacks such as the example I received above, it is vital for a company to know where their brand is being abused, their traffic is being diverted, their customers are being deceived, and finally where their profits are being taken.


Written by Stuart Fuller, Director of Commercial Operations and Communications

30 April 2013