publishing date icon
May 26, 2023
read time icon
5 min. read

Threat feed week 21: Microsoft QR code and DHL delivery fee impersonations

Post hero image

Table of contents

share this post

Microsoft QR code impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious QR code

Region: Global

Analyst: Suvi Hakala

Date: 24.05.2023

This phishing email pretends to be from Microsoft and uses a QR code to deliver the payload. The message claims the recipient must review a security update and perform a security authentication by scanning the QR code.

From: [COMPANY] Online Notification Microsoft Security Authenticationl Scan Me you are being held responsible to review security [RECPIPIENT.NAME], update as of 01/06/2023. Quickly scan above QR Code with your phone camera. Review security requirements within 4 days of the received date by going to Account manager in the Security Center. [COMPANY]S 2023 Microsoft Corporation. All rights reserved. Privacy Statement

Scanning the code redirects the recipient to a Microsoft credential harvester personalized to look like the actual login page of the company.

DHL delivery fee impersonation

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious Link

Region: Global

Analyst: Suvi Hakala

Date: 22.05.2023

This phishing email attempts to impersonate the postal service provider DHL. It claims the recipient has a package with unpaid delivery fees and urges them to click the link to pay them.

Help Center Dear DHCustomer, Your package will be delivered to you today by your letter and parcel carrier. Confirm delivery To complete the delivery as soon as possible, confirm the payment of 2.15 EUR, the online confirmation must be made within the next two days before expiration. Arrival at the DHExpress: 02.06.2023 Regards, DHExpress Team Email Preferences Please do not reply to this email - inbox is not monitored. #ks00ebg728xnf93ka01 mnwi83jkl 180# Terms of Llse I I Terms and Conditions of Carriagg Louis-Krages-Str. 28237 Bremen 2023 Deutsche Post AG

The link leads to a malicious page that actually charges the recipient a fraudulent delivery fee.

Keep up with the threat feed

Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.