'DHL Express Import Shipment on Hold' Email

'DHL Express Import Shipment on Hold' Email Description

Cybercriminals are distributing decoy emails carrying malicious attachments as part of an attack campaign. The emails pretend to come from the legitimate DHL logistics company. To pressure users into opening the attached weaponized file, the messages claim that an important cargo belonging to the user has been seized by government agencies. To release the import shipment, users are supposed to provide additional clearance information, including the full name and address of the manufacturer, as well as the intended use of the items.

The sole purpose of the seemingly urgent message is to convince the recipient to open the malicious attachment as soon as possible. Once the file has been executed, it will drop a malware payload onto the system. Typically, attack campaigns such as this one are tasked with spreading data-collecting threats. The dropped malware could spy on the user's activities on the system, extract sensitive information such as account credentials, harvest the log-in details for cryptocurrency wallets, activate keylogging routines, and much more.

Users should always approach unexpected emails with caution. Do not act impulsively upon reading a supposedly urgent message. Do your own research, and never run files associated with unproven or unfamiliar sources.
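
The caution advised above can be partly automated at a mail gateway or during triage of a reported message. The following Python sketch is an added example, not code from any vendor or from the campaign itself: it flags a message that uses the DHL name while coming from a non-DHL domain and carrying an attachment. The list of genuine domains, the risky extensions, the lure keywords, and the sample sender address and file name are all assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions, not taken from the page: the sender domains treated as genuine
# and the attachment extensions treated as high risk.
BRAND, BRAND_DOMAINS = "dhl", {"dhl.com", "dhl.de"}
RISKY_EXT = {"exe", "scr", "js", "vbs", "lnk", "iso", "img", "zip", "rar", "7z", "docm", "xlsm"}
LURE_WORDS = ("on hold", "clearance", "customs", "seized")

def triage(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    body = msg.get_body(preferencelist=("plain",))
    text = " ".join([display, subject, body.get_content() if body else ""]).lower()
    names = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]

    reasons = []
    genuine = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    if BRAND in f"{display} {subject}".lower() and not genuine:
        reasons.append("brand_domain_mismatch")
    if names:
        reasons.append("attachment")
    if any(n.rpartition(".")[2].lower() in RISKY_EXT for n in names):
        reasons.append("risky_extension")
    if any(w in text for w in LURE_WORDS):
        reasons.append("urgency_lure")

    # A matching From domain alone proves nothing (the header is forgeable);
    # in production also require a passing DMARC result before trusting it.
    if "brand_domain_mismatch" in reasons and names:
        verdict = "quarantine"
    elif "brand_domain_mismatch" in reasons or ("attachment" in reasons and "urgency_lure" in reasons):
        verdict = "review"
    else:
        verdict = "pass"
    return {"sender_domain": domain, "attachments": names, "reasons": reasons, "verdict": verdict}

def build_sample(from_header, attachment=None) -> bytes:
    """Constructed test message modelled on the lure described above."""
    m = EmailMessage()
    m["From"], m["Subject"] = from_header, "DHL Express Import Shipment on Hold"
    m.set_content("Your import shipment is on hold. Send the clearance details in the attached form.")
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()
```
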