Holidays are over, but don’t let employees’ guard drop over fake shipping emails

Share post:

The December holidays are over, but don’t expect phony malware-filled shipping emails to stop being sent to your employees.

In fact, researchers at Cofense say in a report released today, these phishing messages threaten several industries all year round and only increase slightly during holiday periods.

These are messages with subject lines such as “Important Shipment,” and “Invoice attached,” with messages claiming to be from well-known package handling firms — including DHL, Maersk, and FedEx — about invoices, air waybills (AWB), and bills of ladings (BoL).

Screen shot of a typical shipping-themed phishing message sent to companies
A typical shipping-themed phishing message sent to employees. Source: Cofense

The goal is to get an employee to download the supposed document — which is malware — or enter personal information.

The researchers did a three-year analysis, from 2021 to 2023, looking at phishing trends for this type of attack against several industries.

“Manufacturing stands out from the other industries as the most significant targeted industry in the three-year sample,” the analysis found.

“Despite the marginal increase during the holiday seasons, shipping-themed emails remain a consistent threat all year round, with significant volumes appearing in June, October, and November.”

After manufacturing, the top industries targeted were, in order, finance, insurance, metals and mining, and financial services.

The most common payload is the Agent Tesla keylogger, followed by FormBook, both of which are used for stealing data from infected computers. The third most common payload is malware that steals credentials.

The most popular delivery mechanism is Microsoft Office documents that try to exploit unpatched versions of the Office Equation Editor (CVE-2017-11882).

The second most popular way of delivering malware is through HTML files, through a technique called HTML smuggling, the report says. Infosec pros should note that usually this technique delivers credential phishing as attachments or via an infection URL embedded into the email. During the analysis it was seen that the total volume of HTML files and credential phishing were almost identical. This suggests that shipping-themed emails with credential phishing have a better chance of being delivered via an HTML file.

“Employees should always be prepared for when they receive a malicious email, whether personal or business, at any point in the year,” the report says. “Shipping-themed emails remain a significant year-round threat that may infect company assets and lead to more significant threats like ransomware if employees are not adequately trained.

“Practicing email security by detecting and reporting malicious emails all year round will decrease the likelihood of a malware infection or unauthorized access.”

The post Holidays are over, but don’t let employees’ guard drop over fake shipping emails first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways