News from the Spamfilter: Your package is waiting for delivery — Phishing


These types of posts are about picks from my spam folder and Palo Alto Networks Cortex XSOAR investigations. Whenever there is something new, or a type of spam I see for the first time, you will read about it here…


Why write about this?

Don’t we all see and like them: DHL phishing emails. Especially now, when you are waiting on the final deliveries that did not make it for Christmas, or you have already spent some of the gift cards you received. This makes it a great time for DHL-themed phishing emails.

The Email itself


The email looks rather nice, if I may say so.

What always makes a huge difference is that the creator actually uses the official header picture from DHL:

https://www.dhlexpress[.]be/wp-content/uploads/2020/03/image-1-1024x313.png

For comparison, here is an original DHL email and the fake one:

Real vs Fake

While we can of course spot a huge difference, a small screen and someone unfamiliar with these types of notifications can make a huge difference. The color scheme and fonts are actually not that bad.

If we pay attention to details, the oddest part seems to be the “Henry’s package”, especially as you know that such an email would be created automatically, so the package should not appear in bold.

Technical

Besides the nice artwork, there isn’t anything special about this spam email.

The email originates from a hotmail.com address but was actually sent via a different server:

Received-SPF: softfail (google.com: domain of transitioning dhl-irujayds@hotmail.com does not designate 72.47.46.74 as permitted sender) client-ip=72.47.46.74;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning dhl-irujayds@hotmail.com does not designate 72.47.46.74 as permitted sender) smtp.mailfrom=dhl-irujayds@hotmail.com;

which is also quite interesting. The server’s home seems to be in Texas, USA, which also comes as a surprise.
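
As an added example (not part of the original post and not an XSOAR playbook), the script below parses the two headers quoted above and turns them into triage findings. The function names and the `dhl.com` brand-domain list are assumptions made for illustration.

```python
import re
from email import message_from_string

# The two headers exactly as quoted in the post (the second one is folded).
RAW_HEADERS = (
    "Received-SPF: softfail (google.com: domain of transitioning "
    "dhl-irujayds@hotmail.com does not designate 72.47.46.74 as permitted "
    "sender) client-ip=72.47.46.74;\n"
    "Authentication-Results: mx.google.com;\n"
    "       spf=softfail (google.com: domain of transitioning "
    "dhl-irujayds@hotmail.com does not designate 72.47.46.74 as permitted "
    "sender) smtp.mailfrom=dhl-irujayds@hotmail.com;\n\n"
)

def spf_facts(raw_headers):
    """Extract SPF verdict, envelope sender and connecting IP from headers."""
    msg = message_from_string(raw_headers)
    # Collapse folding whitespace so the regexes see one logical line.
    auth = " ".join(str(msg.get("Authentication-Results", "")).split())
    rspf = " ".join(str(msg.get("Received-SPF", "")).split())
    verdict = re.search(r"\bspf=(\w+)", auth)
    sender = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    ip = re.search(r"client-ip=([0-9A-Fa-f.:]+)", rspf)
    local, _, domain = (sender.group(1) if sender else "").rpartition("@")
    return {
        "spf": verdict.group(1).lower() if verdict else "none",
        "local": local.lower(),
        "domain": domain.lower(),
        "client_ip": ip.group(1) if ip else "",
    }

def triage(facts, brand="dhl", brand_domains=("dhl.com",)):
    """Return findings; brand and brand_domains are illustrative assumptions."""
    findings = []
    if facts["spf"] != "pass":
        findings.append(
            f"SPF {facts['spf']} for {facts['domain']} "
            f"from {facts['client_ip']}")
    on_brand = any(facts["domain"] == d or facts["domain"].endswith("." + d)
                   for d in brand_domains)
    if brand in facts["local"] and not on_brand:
        findings.append(
            f"brand '{brand}' appears in the mailbox name but the domain is "
            f"{facts['domain']}")
    return findings

if __name__ == "__main__":
    for finding in triage(spf_facts(RAW_HEADERS)):
        print(finding)
```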