Heimdal™ Reverses New GLS Credit Card Fraud Campaign and Potentially Has Picture of Head Attacker

A new GLS Spam campaign is underway. It works via an e-mail that informs the victim about some details that need to be filled out for a certain shipment. The email text that we have intercepted was split into multiple HTML spans, so an NLP network analyzers cannot label its contents as spam.

The new GLS Spam sophisticated campaign is currently underway, leveraging advanced obfuscation techniques such as NLP ‘dodging’ to bypass common spam filter. As stated, it works via an e-mail that informs the victim about some details that need to be filled out for a certain shipment. The victim should click on the provided link in order to perform a set of instructions, a link that, as its name says, will lead to a page with “delivery options”.

The e-mail also informs about the fact that as soon as the package is paid, this will be delivered. Additional shipping fees to the tune of 14.99 DKK (2.01 EUR) might apply.

Our CEO, Morten Kjærsgaard, received this kind of email on Sunday, posing as a legitimate email from GLS Denmark.

In the print screen below you can see the original email:

And here is the translation:

Please do not reply to

Read More: https://heimdalsecurity.com/blog/new-gls-spam-campaign/