• ISSP

Phishing of DHL Accounts

Updated: Apr 25, 2019

Hello everyone! Today we are going to discuss a case study of elementary phishing and, as usual, it’s a real-life example. Let’s analyze the following e-mail:

As you can see from the screenshot, the attachment represents an htm page which the unsuspecting “parcel recipient” is advised to download.

If we look inside this document, we will see JS code containing a Unicode string value encoded with the help of “escape” function:

To decode this fragment we may use the following resource, for example:

http://scriptasylum.com/tutorials/encode-decode.html

After decoding it becomes obvious that this is not the end and the text is still encoded, but this time using “base64”:

Ok, well, let’s decode this one as well. As a result, we have a code of the page run locally, which imitates the official DHL page and obviously fits for collecting DHL account e-mail addresses and passwords:

Among other things, the body of the page contains a link to the resource:

On attempting to visit the resource you are immediately redirected to the DHL website so that the user could make sure he/she is really on the DHL website without suspecting anything while checking the link in the browser:

Judging by traffic, there is a post that transfers passwords and e-mail addresses that we enter on the false page, and then, just as expected, it redirects you to the DHL website.

So, what you see is actual phishing of DHL accounts.

All that is left to do is block the link through firewalls and remind users once again to be very suspicious about, and double-check the links asking for their passwords.

41 views

CONTACT US

WE ARE HERE TO HELP

Please get in touch by completing the form or calling one of our offices listed below.  

arrow&v

Washington DC

1300 I Street NW

Suite 400E, Washington

District of Columbia, 20005

+1 202 749 8432

Kyiv

10/14 Radyscheva St., Kyiv

Ukraine, 03124

+380 44 594 8018

Tbilisi

33b Ilia Chavchavadze ave,

0179, Tbilisi, Georgia
+995 32 224 0366

Wrocław

1 Grabarska st., 50-079  Wrocław,

Poland

+48 71 747 8705

Almaty

808V, 165B Shevchenko St, 050009, Almaty,

Kazakhstan

+7 727 341 0024

k z @ i s s p . c o m

Vancouver

Suite 2600, Three Bentall Centre 
595 Burrard st., PO Box 49314 
Vancouver BC V7X 1L3 Canada

+1 289 968 4454

Toronto

Suite 2201, 250 Yonge St. 
Toronto, ON M5B 2L7 Canada
+1 647 361 5221        +1 800 573 0922 (toll-free)

i n f o @ i s s p . c o m

Copyright © 2020 ISSP. All rights reserved.