Phishing attacks, in which cyber criminals impersonate third parties to steal personal data from the victim, have long been among the main problems of companies and users. Cybersecurity company Kaspersky has detected a new campaign of this type in which criminals, taking advantage of the growth in online commerce due to Covid-19, impersonate messaging firms, such as DHL, to gain access to access devices, obtain information and infect with malware (computer virus).

“The evolution of the pandemic has created chaos in many industries, including messaging, and we are not surprised that cybercriminals try to use it for their own benefit. With people receiving notifications about delivery delays and shortages of items, and without the option to buy the necessary items in stores, these types of scams have a very high probability of success, “explains Tatyana Shcherbakova, content analyst Kaspersky website.

The way of operating of cyber criminals is similar to other phishing campaigns. In this case, they are posing as courier company employees. Through an email, usually written in English and with grammatical errors, they contact the user to inform them that they have a package to deliver. However, they explain that for this you must read and confirm an attachment to the message. From Kaspersky they point out that the moment the victim opens it, a computer virus is automatically downloaded to the computer or mobile device.

They point out, at the same time, that they have found cases in which the messages of the criminals are related to the pandemic, such as Covid-19. In one of the examples, they state that the government has prohibited the importation of any type of goods, so the package has been returned to the sender. In this case, the attached file supposedly contains a tracking number that will allow the user to request the forwarding of the order when the situation changes.

Among the “malware” discovered by Kaspersky within this campaign is, among other malicious codes, Remcos. A virus capable of stealing data, acting as a bot and downloading more malicious code. Likewise, from the cybersecurity company they point out that the criminals have also been creating very credible copies of popular pages of messaging services with the aim of stealing keys and passwords. They have also discovered in others the Bsymem Trojan that, if executed, allows to take control of the device and access the information it houses.

In these cases, they ask the victim to provide data such as email and password with the excuse of being able to follow the order’s path. “Although everyone is looking forward to receiving their orders, it is always important to carefully evaluate where these emails come from, making sure that the website address is correct,” Shcherbakova recommends.

How to protect yourself

To avoid this type of scam, in addition to having a quality antivirus solution, Kaspersky stresses the importance of verifying that the email has been sent from an account that, in fact, belongs to the courier company. They also recommend not to download attachments, especially if the message is very insistent on it. Instead, the user must go to the company’s website and manually enter the address of the service in the browser and check the tracking number. They also remember to be especially careful if you receive a message mentioning Covid-19, since cybercriminals are currently trying to exploit it due to the social concern it generates. .