Forcepoint has reported an ongoing phishing campaign aimed at stealing DHL login credentials. The campaign utilizes spoofed DHL emails to deceive victims, requesting confirmation of a waybill.
The phishing emails are designed to mimic legitimate DHL communications, but the sender’s domain is cupelva[.]com, which is not affiliated with DHL. Many potential victims neglect to verify the sender’s address, increasing the likelihood of falling for the scam.
The email includes a “Confirm Waybill Information” button that redirects victims to a fraudulent landing page. There, victims are prompted to enter a parcel code, a step intended to build trust in the process. Forcepoint noted, “This page is designed to look like a shipment validation step. It is not a real OTP mechanism.”
After entering the parcel code, victims are directed to a second page where they must provide their login credentials. If victims supply their passwords, the information is sent to the attackers’ email, identified as slatty077@tutamail[.]com.
Additionally, the phishing effort captures victims’ IP addresses, device information, and location data. Proofpoint emphasized the effectiveness of this campaign, stating, “Phishing does not need technical sophistication to succeed.” The familiar DHL branding and deceptive validation steps contribute to its success.
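The mismatch between the DHL branding and the unaffiliated sender domain can be checked automatically at the mail gateway. The following sketch is an added example, not code from Forcepoint's report: it flags messages whose display name or subject claims the brand while the From domain is outside an allowlist. The `BRAND_DOMAINS` allowlist, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the defender accepts as legitimate for each brand.
BRAND_DOMAINS = {"DHL": {"dhl.com"}}

def domain_allowed(domain, allowed):
    """Exact match or true subdomain only, so 'notdhl.com' and
    'dhl.com.track.example' are both rejected."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def brand_mismatch(raw):
    """Return a finding if the message claims a brand in its display name or
    subject but the From domain is not on that brand's allowlist, else None."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    claimed = f"{display} {msg.get('Subject', '')}"
    for brand, allowed in BRAND_DOMAINS.items():
        if re.search(rf"\b{re.escape(brand)}\b", claimed, re.IGNORECASE):
            if not domain_allowed(domain, allowed):
                return {"brand": brand, "sender_domain": domain or "(unparsable)"}
    return None

# Constructed sample messages (reserved .example domains, not real indicators).
SAMPLES = {
    "spoof": "From: DHL Express <noreply@parcel-notice.example>\n"
             "Subject: Confirm Waybill Information\n\nbody",
    "lookalike": "From: DHL <support@dhl.com.track.example>\n"
                 "Subject: Shipment update\n\nbody",
    "legit": "From: DHL Express <noreply@dhl.com>\n"
             "Subject: Your shipment\n\nbody",
    "unrelated": "From: Alice <alice@corp.example>\n"
                 "Subject: Lunch\n\nbody",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, brand_mismatch(raw))
```

The From header can itself be forged, so this check complements SPF, DKIM and DMARC evaluation rather than replacing it.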
