An email security platform has issued a new warning about a fake parcel delivery scam that aims to steal recipients’ personal information and banking details.
MailGuard said it had intercepted an email posing as a delivery alert that exploits Australia Post’s branding.
The email claims to be from a sender called ‘parcelmonitor’, but the email address in the ‘from’ field is from a compromised domain.
“Hello, Your Parcel Number … is on the way,” the email reads. “Your package is stopped at our post. $1 shipping cost have [sic] not been paid.
“This is the last time we are reminding you about your pending shipping cost. The pending delivery will be canceled if the amount is not paid within 48 hours.”
Users are told to click a link to schedule their delivery and asked to select a preferred time of delivery.
The fraudulent website uses Australia Post branding throughout, and users are told to enter their data to confirm their delivery details and shipping costs.
Users are then asked for their personal details, including their name and number. The next page asks users to enter their credit card details.
“Once again, the domains used in the URLs of the pages asking for users’ addresses and credit card details do not belong to Australia Post. These are all actually phishing pages, designed to harvest users’ details.”
“We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.”
Delivery companies like Australia Post and DHL are often spoofed in scams as they are trusted global brands, MailGuard said.
Scammers are also taking advantage of the end-of-year financial sales. “Cybercriminals are preying on the curiosity of Australia Post customers who may think a ‘package’ is actually on its way.”
There are usually some typical give-aways that an email is a fake:
Users are not addressed by name;
Emails appear to be from legitimate companies, but the sender domain doesn’t match up;
Emails are from businesses you don’t expect to hear from; and
The URL or landing page users are taken to don’t use the legitimate address.
You can report text or email scams spoofing Australia Post to this email: firstname.lastname@example.org.
"Australia Post will never email, call or text you asking for personal or financial information or a payment," the parcel delivery service states on its website.
If you do receive a scam: "delete it immediately."
You can also report scams to ScamWatch.