Email scammers never seem to rest when looking for ways to bypass business spam filters. Sometimes their intent is to encrypt files and hold them for ransom ($$); other times their intent is simply to wreak havoc. Either way, computer users today must be adept at spotting and avoiding fake or scam emails. In this article we are going to analyze a fake shipping notification purportedly sent from DHL.

The scam mail (shown below) employs the typical URL bait-and-switch trick. In other words, an unsuspecting user might believe that the links in this e-mail would take them to a legitimate DHL website where they could follow up on the notice and investigate its cause. However, when one mouses over the links in this e-mail, they do not point to an address related to DHL but instead link to what appears to be a fake multimedia company’s website in Zaire.



What are some of the red flags that this is a scam email? The first noticeable item is that the originating domain name purports to be “shippingexpress.com” instead of a DHL-related domain name. ShippingExpress.com happens to be a domain name that is currently listed for sale by a company called AfterNic (and thus is not currently functional). The next item of interest is that the subject wording is too verbose and at odds with the content of the e-mail. Next, the word “POST” appears in all caps in the middle of the first sentence of the email. I think it is safe to say that DHL proper would have taken the time to correct such an oversight on one of their most heavily utilized forms. There are also numerous other grammatical errors within the text of the e-mail.

Lastly, as mentioned earlier, when one “mouses over” the links within the e-mail, it becomes clear that they would actually take a person to a page on a website in Zaire. This technique of “mousing over” links in emails to verify the URL in question before actually clicking on the link is a trick that should be employed by every computer user at every company before any e-mail link is “clicked on”. Again I must stress, this step must be performed on any link within any e-mail that a person intends to click on.

Needless to say this particular e-mail contains a wealth of clues that one could use to determine it is a scam before actually clicking on any of the links. A rule of thumb I often share with users is this: “If one must squint at an e-mail in wonder while determining if it is valid; this is your first clue that the e-mail is fraudulent (and any links or attachments within it must not be executed.)” Stated more succinctly, “If you find yourself wondering if an e-mail is valid…there is a 95+% chance that it is not.”

Be on the lookout for these and other scam emails that could contain virus-related or other malicious payloads. Should you have questions or wish to seek additional confirmation about any particular email, feel free to send it to us for further investigation. When in doubt – delete, call the sender to verify, or forward to AVAREN support. The consequences of executing malicious payloads via scam mails can cost a business thousands of dollars in lost revenue, lost productivity, and repair bills.