article featured image


Copenhagen, November 16th, 2021 – Heimdal™ Security (Heimdal™) CEO Morten Kjærsgaard appeared on The Irish Tech News Podcast with Ronan Leonard to discuss the recent GLS Scam Campaign discovered by our SOC Team and how to stay safe from SPAM emails.

As previously reported by Vladimir, the malicious campaign worked via an e-mail that was informing the victim about some details that need to be filled out for a certain shipment.

The email text that was intercepted by Heimdal was split into multiple HTML spans, therefore making an NLP network analyzer unable to label its contents as spam.

For a more in-depth analysis of the GLS scam topic, listen to the latest Irish Tech News podcast here:


The new GLS Spam sophisticated campaign is still running even if the police have been informed in regards to it.

It was a very strange email, the email I received, it was assumingly from GLS, the global logistic company, and it was very well-conceived. When you received it, it will only appear to your screen if you are the right receiver, and that is a very neat trick.

Morten Kjærsgaard

The email campaign is leveraging advanced obfuscation techniques such as NLP ‘dodging’ to bypass the common spam filters. As stated, it works via an e-mail that informs the victim about some details that need to be filled out for a certain shipment. The victim should click on the provided link in order to perform a set of instructions, a link that, as its name says, will lead to a page with “delivery options”.

At this time our specialists are still able to see personal information belonging to victims, like SSN and Credit Card information, going into the attackers’ database.

What makes this malicious campaign special is the use of NLP obfuscation, a technique that is allowing the attackers to evade the email detection system in place.

Our Machine Learning team discovered the fact that these emails are able to go out in various countries, but the attackers have made sure that only the targeted people will be able to access the content of these emails.

It’s a very clever piece of work that can be customized to any region that this campaign is targeting.

Morten Kjærsgaard

The Heimdal™ specialists managed to infiltrate the communication system of the perpetrators and were able to see their usernames alongside the personal information belonging to victims flowing around on their Telegram channel.

How to Stay Safe

As mentioned in the podcast, the best way to stay safe when it comes to a malicious email campaign is to be well informed. Check out our Cyber Security Course for Beginners, and learn more about all the ways in which threat actors are trying to steal your personal data and what can you do to prevent these attacks.

In order to make sure that you are safe from spam emails:

  • Make sure your e-mail address isn’t visible to the public, since hackers might simply steal it and use it to send you phishing emails.
  • If an e-mail appears suspicious, do not click on the link, like in this case, especially if you have no idea what invoice they are referring to. You may simply phone the delivery firm to verify that the message was delivered.
  • A SPAM email should never be replied to.
  • Make sure you have anti-spam and antivirus software installed.
  • Make sure that you’re well-informed.

About Irish Tech News

Irish Tech News is an award-winning online publication aimed at keeping the public informed of all the latest news from the world of Technology. With the main focus on Irish-based news, they cover a wide range of topics from social media and smartphones to start-ups and SMEs.

About Heimdal™ Security

Founded in 2014 in Copenhagen, Denmark, Heimdal™ is a leading European provider of cloud-based cybersecurity solutions. The company offers a multi-layered security suite that combines threat prevention, patch and asset management, endpoint rights management, and antivirus and mail security which together secure customers against cyberattacks and keep critical information and intellectual property safe. Heimdal™ has been recognized as a thought leader in the industry and has won multiple international awards both for its solutions and for its educational content creation.

Currently, Heimdal™’s cybersecurity solutions are deployed in more than 45 countries and supported regionally from offices in 15+ countries, by 175+ highly qualified specialists. Heimdal™ is ISAE 3000 certified and secures more than 2 million endpoints for over 10,000 companies. Heimdal™ supports its partners without concessions on the basis of predictability and scalability. The common goal is to create a sustainable ecosystem and a strategic partnership.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *