- The website belonging to the Nigerian National Assembly contained a fraudulent web page that asked DHL credentials from the victims.
- The page is connected to a phishing kit active since June 2017 which is used by many attackers.
A Nigerian government website was compromised by attackers to host a phishing page to steal DHL users' credentials. According to MalwareHunterTeam who discovered this phishing instance on the site of Nigerian National Assembly (NASS), the fraudulent page was operating for more than two weeks.
With Nigeria having a maligned history with online frauds, the latest incident indicates that even government sites are not spared.
- MalwareHunterTeam (MHT) also identified a number of malicious URLs impersonating NASS possibly linked to other phishing activities.
- Some of these sites also evaded anti-phishing measures set up in most computer systems.
- MHT said that the phishing kit connected to these sites was active since 2017 as well as was used by many attackers.
- The fake DHL page was shoddily designed and also displayed a “Norton Secured” picture next to the DHL logo.
- The fields for credentials showed an error if a user enters his/her email and password registered under DHL.
Why it matters?
BleepingComputer, which reported on this DHL phishing scam, suggested that user credentials might be up for sale in the dark web. “No matter how many times credentials are submitted, there's the same outcome. Once they get them, cybercriminals can sell them on underground forums for as little as $10 apiece,” it reported.
On the other hand, malicious sites posing as NASS are also believed to provide grounds for other malicious activities apart from phishing.