Shane Chambers No Comments

DHL Phishing Campaign Found to Contain New Strain of Malware

Every year, the number of phishing scams seems to be increasing, with the malware-ridden emails getting continually more sophisticated and convincing. The latest global phishing campaign purporting to be from international courier giants DHL has been tricking users into opening a fake PDF attachment – and subsequently unleashed a previously unseen piece of malware to wreak havoc on their PCs.

Cyber criminals are taking advantage of DHL’s worldwide reputation and brand recognition in order to distribute a previously unseen strain of malware, named Muncy. Once the user downloads the fake PDF attachment, the trojan sneaks onto their PC and begins scanning the C:/ drive for any files containing sensitive data.

Once it has completed its scan, it then sends back any data found to the criminals’ server, where they can attempt to steal the user’s money, impersonate them to commit identity fraud, or even request a ransom from them to not release the data publicly.

So how do I recognise this email if I get it? Well, the first question you should ask yourself if you receive a mail from DHL is if you’re expecting a parcel from them. Getting a parcel delivery notice when you’re not expecting any deliveries is always a sign that the email may not be genuine.

For this scam in particular, they have taken advantage of some of DHL’s mail servers to make the emails appear as if they are coming from [email protected](.)com, so they can look quite genuine. The subject of the email is reported to be ‘DHL SHIPMENT NOTIFICATION’, although this may be subject to change if people start to catch on.

The most important thing to bear in mind is to never open links or download attachments in emails that you suspect are not genuine. Most companies like DHL will instead email you a tracking number that you can independently put into their website to see where your delivery is, not send you a PDF out of the blue. Almost any attachment can be dangerous (.txt files are usually safe, but even these have been exploited to contain malware now). That means not just .exe files can execute themselves on your PC and install malware.

If in doubt, throw it out. Be sure to always think before you click anything in an email. If someone, even a trusted friend or colleague, sends you an email asking you to do something you wouldn’t normally, confirm with them over the phone (not text) or in person before you take any actions.

Phishing scams are getting increasingly sophisticated and common, fooling the filters of consumer-based email providers such as Gmail and Hotmail, and even slinking past corporate providers such as Office365 and some advanced email filtering solutions.

For businesses, we would strongly advise cyber security awareness training be provided to all staff as a key tenet of your security practices – doing so can be the difference between avoiding a cyber attack and being the subject of a costly data breach and GDPR fine.

Shane Chambers No Comments

Irish Businesses and Consumers Targeted by Extortion Email Scam

It’s 2018, and phishing emails are just an expected part of life for email users around the world, containing all manner of malware within concealed links and dodgy attachments. Most of us can recognise poorly spelled phishing emails that lack any real context, but what happens when something more complex hits your inbox? What if a cyber criminal emailed you your password – a real password you’ve used – and told you that they had compromising videos of you and more? What if they said that unless you pay a Bitcoin ransom, they would share this incriminating footage with everyone on your contacts list? That’s exactly what has been happening to thousands of Irish users, to both personal and corporate email addresses.


Cyber criminals are ever trying to find newer, more sophisticated means to scam the general public and businesses through phishing

Read more

Shane Chambers No Comments

Human Error Is Still Greatest Security Threat Faced by Irish Businesses, According to Experts

New research from DataSolutions, an Irish IT solutions provider, has revealed that a majority (60%) of senior IT decision makers consider human error to be the greatest threat facing Irish businesses and organisations at the moment. This is consistent with results of similar surveys in other countries such as the US or UK, as cyber criminals evolve to target end-users and take advantage of improperly-trained staff instead of trying to bypass or hack complex technical security measures. The survey also revealed that 93% of respondents claim that they have a formal cyber security and defense strategy in place to help navigate today’s online threat environment, particularly in a post-GDPR world.


Cyber criminals are becoming increasingly smart and how they target organisations, targeting un-training staff instead of complex technological security measures

Read more

Shane Chambers No Comments

Harvey Norman Among Companies Compromised in Third-Party Data Breach

Harvey Norman, the retail giant with 13 stores in the Republic and a further two stores in Northern Ireland, has admitted to customers that it suffered a data breach through a third-party tool used on its website. “We wish to alert you to a data breach that has occurred in the systems of a third-party website service provider, Typeform, which has resulted in the unauthorised access to some Harvey Norman data,” the company said earlier this week in a statement.


Harvey Norman was just one of the many companies affected by a breach at Typeform, a third-party website service provider

Read more