Holidays are over, but don’t let employees’ guard drop over fake shipping emails

Share post:

The December holidays are over, but don’t expect phony malware-filled shipping emails to stop being sent to your employees.

In fact, researchers at Cofense say in a report released today, these phishing messages threaten several industries all year round and only increase slightly during holiday periods.

These are messages with subject lines such as “Important Shipment,” and “Invoice attached,” with messages claiming to be from well-known package handling firms — including DHL, Maersk, and FedEx — about invoices, air waybills (AWB), and bills of ladings (BoL).

Screen shot of a typical shipping-themed phishing message sent to companies
A typical shipping-themed phishing message sent to employees. Source: Cofense

The goal is to get an employee to download the supposed document — which is malware — or enter personal information.

The researchers did a three-year analysis, from 2021 to 2023, looking at phishing trends for this type of attack against several industries.

“Manufacturing stands out from the other industries as the most significant targeted industry in the three-year sample,” the analysis found.

“Despite the marginal increase during the holiday seasons, shipping-themed emails remain a consistent threat all year round, with significant volumes appearing in June, October, and November.”

After manufacturing, the top industries targeted were, in order, finance, insurance, metals and mining, and financial services.

The most common payload is the Agent Tesla keylogger, followed by FormBook, both of which are used for stealing data from infected computers. The third most common payload is malware that steals credentials.

The most popular delivery mechanism is Microsoft Office documents that try to exploit unpatched versions of the Office Equation Editor (CVE-2017-11882).

The second most popular way of delivering malware is through HTML files, through a technique called HTML smuggling, the report says. Infosec pros should note that usually this technique delivers credential phishing as attachments or via an infection URL embedded into the email. During the analysis it was seen that the total volume of HTML files and credential phishing were almost identical. This suggests that shipping-themed emails with credential phishing have a better chance of being delivered via an HTML file.

“Employees should always be prepared for when they receive a malicious email, whether personal or business, at any point in the year,” the report says. “Shipping-themed emails remain a significant year-round threat that may infect company assets and lead to more significant threats like ransomware if employees are not adequately trained.

“Practicing email security by detecting and reporting malicious emails all year round will decrease the likelihood of a malware infection or unauthorized access.”

The post Holidays are over, but don’t let employees’ guard drop over fake shipping emails first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Russian threat actor expanding its target list, warns Five Eyes report

APT29 is increasingly going after cloud services in mo

Canada’s privacy watchdog investigating hack at Global Affairs

Inquiry will look into adequacy of data safeguards at the federal

Sidebar: The powerful Digital Safety Commission

A look at the powers of the proposed five-person body charged with overseeing the Online

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways