Abu Dhabi: After trading scams that wiped millions from the market and job scams in the name of bogus companies, the new strategy targeting UAE residents is a phishing scam.
Fraudsters are posing as customer service agents of a leading courier company to phish for information by asking residents to share their personal details including home address for delivery of packages.
R.B., a housewife in Abu Dhabi said she received a purported email from DHL Express customer service asking her to fill in her home address and other contact details.
“I am actually waiting for a mail order from the US and hence there was nothing suspicious about the email. I was given a tracking number and was asked to fill in my home address and contact details,” recalled R.B. who shifted to a new house after making the order.
“We received your package in our office, our fast mail delivery officer was unable to deliver your package due to wrong address provided by your client. To assist us deliver your package expressly, kindly find attached update form and tracking number. Fill and submit with your recent address and contact details,” read the email sent with a PDF attachment from a gmail account.
The woman said she least suspected it as a scam as it seemed the sender had information she had a change of address.
“But when I contacted the local DHL office, they said it was a scam.”
Another Abu Dhabi resident who did not give his name said he had also received a DHL email seeking his personal details to deliver a packet. “The logo and the page looked exactly the same as the original. So it is easy for people to fall for it,” said the Indian expat.
A DHL official confirmed the scam and said they are aware of it. “We have been getting a couple of calls from customers who wanted to verify the email or follow up on the delivery.”
He said they are warning people to verify the domain address of the email, and to ignore all emails if they are not from the @dhl.com domain.
Phisher’s main goals
Theft of confidential data (bank card credentials, logins and passwords from personal accounts). In a phishing attack users provides the fraudsters with their personal data by filling the fields on fake sites or sending them via email.
Installing various malicious programs on users’ computers. These programs are used not only to monitor user online activity and steal personal information, but also to organise botnets to distribute spam and launch DDoS attacks.