Holidays are over, but don’t let employees’ guard drop over fake shipping emails

The December holidays are over, but don’t expect phony malware-filled shipping emails to stop being sent to your employees.

In fact, researchers at Cofense say in a report released today, these phishing messages threaten several industries all year round and only increase slightly during holiday periods.

These are messages with subject lines such as “Important Shipment,” and “Invoice attached,” with messages claiming to be from well-known package handling firms — including DHL, Maersk, and FedEx — about invoices, air waybills (AWB), and bills of ladings (BoL).

Screen shot of a typical shipping-themed phishing message sent to companies
A typical shipping-themed phishing message sent to employees. Source: Cofense

The goal is to get an employee to download the supposed document — which is malware — or enter personal information.

The researchers did a three-year analysis, from 2021 to 2023, looking at phishing trends for this type of attack against several industries.

“Manufacturing stands out from the other industries as the most significant targeted industry in the three-year sample,” the analysis found.

“Despite the marginal increase during the holiday seasons, shipping-themed emails remain a consistent threat all year round, with significant volumes appearing in June, October, and November.”

After manufacturing, the top industries targeted were, in order, finance, insurance, metals and mining, and financial services.

The most common payload is the Agent Tesla keylogger, followed by FormBook, both of which are used for stealing data from infected computers. The third most common payload is malware that steals credentials.

The most popular delivery mechanism is Microsoft Office documents that try to exploit unpatched versions of the Office Equation Editor (CVE-2017-11882).

The second most popular way of delivering malware is through HTML files, through a technique called HTML smuggling, the report says. Infosec pros should note that usually this technique delivers credential phishing as attachments or via an infection URL embedded into the email. During the analysis it was seen that the total volume of HTML files and credential phishing were almost identical. This suggests that shipping-themed emails with credential phishing have a better chance of being delivered via an HTML file.

“Employees should always be prepared for when they receive a malicious email, whether personal or business, at any point in the year,” the report says. “Shipping-themed emails remain a significant year-round threat that may infect company assets and lead to more significant threats like ransomware if employees are not adequately trained.

“Practicing email security by detecting and reporting malicious emails all year round will decrease the likelihood of a malware infection or unauthorized access.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now