Phishing Multi-stage DHL phishing campaign examined April 30, 2026 Share By SC Staff HackRead reports that threat actors have spoofed DHL in a new phishing campaign that employed a multi-step attack chain to siphon users' passwords. Malicious emails purporting to be from DHL Express sent from the cupelva[.]com domain included a button to confirm waybill details that redirected to a fraudulent parcel OTP page that not only displays a JavaScript-generated six-digit number but also features a two-second lag in an attempt to copy legitimate data processing procedures, according to findings from the Forcepoint X-Labs research team. URL-based identity injection is then harnessed to copy the victim's email address to the final DHL login portal, enabling password theft and the subsequent harvesting of device telemetry information. Attackers proceeded to use the EmailJS tool to exfiltrate the obtained data, while the phishing kit redirects victims to the real DHL site to avert suspicion. "The campaign targets individuals rather than specific organizations and shows no geographic concentration. What makes it worth examining is the OTP mechanic: a trust-building layer with no real authentication behind it, engineered entirely to lower the victims guard before the actual theft begins," said researchers. SC Staff Related Phishing Report sheds light on Chinese phishing campaigns against journalists, activists SC Staff April 30, 2026 Report sheds light on Chinese phishing campaigns against journalists, activists Chinese state-backed freelance hackers have launched a pair of phishing campaigns aimed at journalists and opposition activists in Taiwan, Hong Kong, Tibet, and China's Uyghur region in a span of nine months, according to The Record, a news site by cybersecurity firm Recorded Future. Phishing Suspected Russian phishing campaign targets German officials via Signal SC Staff April 29, 2026 The campaign targeted high-profile individuals including German politicians, ministers, military personnel, diplomats, and journalists. Threat Intelligence Social media scam-related losses surge, FTC report finds SC Staff April 29, 2026 TechCrunch reports that financial losses linked to social media scams were reported by the U.S. Federal Trade Commission to have increased eightfold over time, exceeding losses attributed to other methods of fraud used by criminals to trick consumers. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds