Australia markets closed

    +71.00 (+1.06%)
  • ASX 200

    +50.30 (+0.77%)

    +0.0053 (+0.77%)
  • OIL

    +2.79 (+2.68%)
  • GOLD

    -1.70 (-0.09%)

    +774.74 (+2.57%)
  • CMC Crypto 200

    +8.22 (+1.81%)

    +0.0033 (+0.51%)

    +0.0016 (+0.14%)
  • NZX 50

    +135.25 (+1.27%)

    +408.17 (+3.49%)
  • FTSE

    +188.36 (+2.68%)
  • Dow Jones

    +823.32 (+2.68%)
  • DAX

    +205.54 (+1.59%)
  • Hang Seng

    +445.19 (+2.09%)
  • NIKKEI 225

    +320.72 (+1.23%)

Warning: New AusPost email threat circulates inboxes

·2-min read
(Source: Getty, MailGuard)
(Source: Getty, MailGuard)

An email security platform has issued a new warning about a fake parcel delivery scam that aims to steal recipients’ personal information and banking details.

MailGuard said it had intercepted an email posing as a delivery alert that exploits Australia Post’s branding.

The email claims to be from a sender called ‘parcelmonitor’, but the email address in the ‘from’ field is from a compromised domain.

“Hello, Your Parcel Number … is on the way,” the email reads. “Your package is stopped at our post. $1 shipping cost have [sic] not been paid.

“This is the last time we are reminding you about your pending shipping cost. The pending delivery will be canceled if the amount is not paid within 48 hours.”

(Source: MailGuard)
(Source: MailGuard)

Users are told to click a link to schedule their delivery and asked to select a preferred time of delivery.

The fraudulent website uses Australia Post branding throughout, and users are told to enter their data to confirm their delivery details and shipping costs.

(Source: MailGuard)
(Source: MailGuard)
(Source: MailGuard)
(Source: MailGuard)
(Source: MailGuard)
(Source: MailGuard)
(Source: MailGuard)
(Source: MailGuard)

“However, the domain used in the URLs of these pages does not belong to Australia Post – a red flag pointing to their illegitimacy,” MailGuard said in a blog post.

Users are then asked for their personal details, including their name and number. The next page asks users to enter their credit card details.

(Source: MailGuard)
(Source: MailGuard)

“Once again, the domains used in the URLs of the pages asking for users’ addresses and credit card details do not belong to Australia Post. These are all actually phishing pages, designed to harvest users’ details.”

“We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.”

(Source: MailGuard)
(Source: MailGuard)

Delivery companies like Australia Post and DHL are often spoofed in scams as they are trusted global brands, MailGuard said.

Scammers are also taking advantage of the end-of-year financial sales. “Cybercriminals are preying on the curiosity of Australia Post customers who may think a ‘package’ is actually on its way.”

There are usually some typical give-aways that an email is a fake:

  • Users are not addressed by name;

  • Emails appear to be from legitimate companies, but the sender domain doesn’t match up;

  • Emails are from businesses you don’t expect to hear from; and

  • The URL or landing page users are taken to don’t use the legitimate address.

You can report text or email scams spoofing Australia Post to this email:

"Australia Post will never email, call or text you asking for personal or financial information or a payment," the parcel delivery service states on its website.

If you do receive a scam: "delete it immediately."

You can also report scams to ScamWatch.

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting