publishing date icon
August 25, 2023
read time icon
5 min. read

Threat feed week 34: DHL QR code, DocuSign impersonations, and fake internal storage notification

Post hero image

Table of contents

share this post

QR code DHL postal service impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious QR code

Region: Global

Analyst: Suvi Hakala

Date: 21.08.2023

This phishing email attempts to impersonate the postal service provider DHL. It claims they couldn’t deliver a package from the recipient’s client due to an incorrect address.

QR code DHL postal service impersonation

The recipient is urged to scan the QR code to receive their parcel.

Fake internal storage notification

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Suvi Hakala

Date: 21.08.2023

This phishing email looks like an internal notification informing the recipient their mailbox storage is full.

The sender domain is spoofed to look like the email is sent from an internal admin address. The payload is hosted on the domain cloudflare-ipfs.com, which is registered by Cloudflare.

DocuSign impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Minna Herlevi

Date: 25.08.2023

This phishing email impersonates DocuSign, informing the recipient they have a completed document. The body of the email consists of an image to make it look like a legitimate DocuSign notification.

DocuSign impersonation

When hovering over the image, the malicious link becomes visible—it uses an open redirect through Baidu to lead the victim to the actual payload.

Keep up with the threat feed

Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.