Subject:Colis Enregistré avec Succès FDLM 259433527364 _{^(2023-12-19)}

Overview

Threat actors collecting credit card credentials

Explanation

Threat actors are using a DHL phishing theme to collect credit card credentials.

The phishing mail’s content is short and concise and presents with a link to track a package.

Upon clicking on the button “Suivre le colis” the user is taken to a fake security check page where they have to pass a human verification check before accessing dhl.com. It is noteworthy that the domain shredderboise[.]com is in no way related to DHL.

After completing the captcha, the victim is redirected to a fake DHL page where they are informed that the shipment requires payment of custom taxes. The “Continue” button presents the victim with two options to pay the taxes:

• credit card
• cryptocurrency

If the victim chooses the credit card option they are requested to enter their card details which are then sent to the attacker while a fake processing screen is shown.

If the cryptocurrency option is chosen, the victim has to specify personal information such as first and last names as well as their email address. After choosing their cryptocurrency, they are presented with a wallet ID where the tax amount can be sent to.

Example

---

Prevention

If you are uncertain about the authenticity of an email, do not hesitate to contact the entity that seems to have sent you the email using a safe communication manner, using the phone for example (no phone number from the untrusted email must be used in order to verify the authenticity).
If you are working for the Luxembourgish government or are using any of the GOVCERT.LU services, it is important to forward phishing emails to us (using Reporting an incident or the Outlook button). This will allow us to take down phishing websites and protect members of our constituency.