publishing date icon
April 28, 2023
read time icon
5 min. read

Threat feed week 17: Tinder, DHL, and Google Drive PDF impersonations

Post hero image

Table of contents

share this post

Voice message phishing email

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious attachment

Region: Global

Analyst: Verna Kuusniemi

Date: 26.04.2023

This email’s subject line urges the receiver to listen to their voice message.

Enter password Because you're accessing sensitive info, you need to verify your password Password Forgot my password Sign in

The email message only includes an HTML file. The file contains a credential harvester mimicking the Microsoft Outlook login screen, prompting the user to sign in.

DHL package delivery impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Verna Kuusniemi

Date: 26.04.2023

This message is a classic package delivery phish. It urges the recipient to update their delivery information to receive their package delivery.

DHL package delivery impersonation

When the user clicks the link provided, they're sent to a credential harvester.

Google Drive PDF email notification hijacking

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Jon Gellin

Date: 28.04.2023

This email informs its recipient of a PDF file shared with them. The PDF then contains a link to a fraudulent cryptocurrency website.

Google Drive PDF email notification hijacking

As the email is a notification sent by Google, it easily passes through most spam filters, landing straight in the recipient’s inbox.

Tinder match impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Jon Gellin

Date: 28.04.2023

This email informs the receiver of a new Tinder match, hoping to weaponize their curiosity.

Hi [RECIPIENT NAME], it's a match! IT'S A MATCH' IJUIJLZU kbLFUö FIND OUT WHO Tip: Turn on your push notifications Turn on your push notifications to see new matches immediately. tinder Follow us This email was sent by Tinder. 8833 sunset Blvd. West Hollywood 90069 @2023 Match croup, LLC. I Privacy_eglicy

But hovering on the link reveals that it leads to a fake site designed to harvest email credentials instead of Tinder.

Keep up with the threat feed

Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.