Skip to main content

Advertisement

Advertisement

Waiting for a shipment? Be careful of emails from 'logistics' companies

SINGAPORE — The prevalence of e-commerce transactions and online shopping has attracted the attention of hackers, who are using phishing emails sent from fake logistics companies to bait unsuspecting addressees.

SINGAPORE — The prevalence of e-commerce transactions and online shopping has attracted the attention of hackers, who are using phishing emails sent from fake logistics companies to bait unsuspecting addressees.

The Cyber Security Agency of Singapore (CSA)'s Singapore Computer Emergency Response Team (SingCert) issued an alert on Friday (June 23) about an uptick in reports lodged about these scams.

In one typical phishing email, the sender claiming to be from "DHL Express" will request the addressee to download attachments such as the shipment receipt.

The links in such emails, including shipment tracking links, contain malicious codes, SingCERT said.

Clicking on these links will download malwares that will infect the target's device.

"Phishing emails are becoming increasingly well-written and appear legitimate. Hence, users need to exercise caution," added SingCERT.

((Click on image to enlarge) Example of a phishing email sent from a fake logistics company. Image: SingCERT)

Major courier companies like DHL, UPS, and FedEx have also posted similar warnings of phishing emails and other related scams on their websites.

DHL noted on its website that there had been unauthorised use of the DHL name and brand via email communications and graphics.

"In most cases, the communications concern the sale of consumer goods over the Internet where payment may be requested before the goods are delivered," the statement read. "Please be advised that DHL does not request payment in this manner. DHL only collects money due for official DHL related shipping expenses."

The public is advised not to click on links or open attachments from unsolicited or suspicious emails, or to provide personal information online such as banking details or credit card credentials, unless the authenticity of such requests can be established.

SingCERT also advised users who may have accidentally clicked on such links to change their passwords, and to run a virus scan immediately.

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.