The Latest Phishing Scam Is A DHL Chatbot That Steals Credit Cards


There’s a new phishing scam for users to keep an eye out for that takes a slow route to steal user credit cards via an email-delivered DHL chatbot. That’s according to recent reports citing a new discovery from the cybersecurity researchers at Trustwave SpiderLabs.

According to the Trustwave SpiderLabs report, the new phishing campaign differs from others in a number of ways. To begin with, the phishing site is designed to act like a chatbot from DHL, so it doesn’t start by outright asking users to enter any sensitive data.

Instead, it’s deliberately slow to ask for data, to better replicate the experience of chatting with a chatbot. That also means that users need to ignore a plethora of red flags in order to have their credentials stolen. But the pacing of the chatbot, the questions it asks, and the site users are redirected to all appear legitimate, making it more difficult to spot those red flags in the first place.


How does this latest phishing scam work and what does it have to do with DHL?

The scam isn’t associated with DHL in any way. It starts by sending users an email indicating that there’s been an issue with a DHL shipment, specifically that there’s a parcel pending delivery.

Users who click the included link are redirected to a site engineered to mimic a DHL customer support site. The site loads up a chatbot to resolve the apparent technical issue. To begin with, users are asked to pass a Captcha check. Then they’re eventually asked to hand over their DHL login credentials and credit card information.

That then boots up a payment gateway to check that the card is valid. Then it redirects again to a page to generate a one-time password for login. There’s no way to input a phone number on the page in order to receive the code via SMS, so users can either give up or enter random numbers, and the latter eventually “works” to bypass the password check.


The process is “completed” at that point, redirecting users one more time to a page to confirm submission.

As is often the case with email-based scams, the best practice is, of course, not to open suspicious links in the first place. The latest “DHL chatbot” scam relies entirely on users falling for classic phishing techniques, although what it does next is novel.

So, in this case, it would be better for users who receive an email from the shipper to navigate to the company’s website manually by entering the “DHL.com” URL into the address bar directly and seeking help, as opposed to using the “DHL” link in the email or entering that link’s URL into their address bar.