Australians expecting a parcel from Australia Post should watch out for a fake email notification designed to harvest personal and banking details.
Email security software MailGuard said it had intercepted a phishing scam spoofing the Australian delivery service and advising Australians they have a package waiting for delivery.
“It’s on hold,” the email reads. “Please note that your package is waiting for delivery.”
Australians are then asked to ‘confirm payment’ of $2.49 within three days.
But recipients of this email should be wary, as it’s a fake, MailGuard warned.
“It’s important that email users remain extra cautious before opening any emails pertaining to deliveries, particularly one’s that you are not expecting,” MailGuard said in a blog post.
Australians are being particularly targeted right now because of the high volume of parcel deliveries due to lockdowns across NSW, the ACT and Victoria at the moment.
“Cybercriminals are taking advantage of expectant recipients by using email phishing scams from commonly used delivery services, such as DHL and Australia Post to secure sensitive details for credential harvesting purposes.”
The scam email has been sent from a deceptively legitimate-looking sender, titled ‘support[[at]auspost.net.au’. But this isn’t a sender address used by the real Australia Post.
The email features a big blue button asking recipients to ‘Check Order’.
Clicking through, it should become apparent that the entire email is a scam, given the presence of the Cyrillic characters on a compromised WordPress site.
The owner of the site has since realised the content on the page is a scam and has removed it, meaning users are currently not being directed to a webpage that can collect banking details.
“However it is likely that they will edit their campaign by pointing to a new page,” MailGuard stated.
What to do if you've received this scam email
“Australia Post will never email, call or text you asking for personal or financial information or a payment,” the parcel service states on its website.
If you’ve received any emails spoofing Australia Post, forward it on to email@example.com and then delete it straight away, it advises.
Australians should also keep their eye out for previous scams involving Australia Post.
Other scam variations may involve recipients being told that a package has been sent to the wrong shipping address, and then asking for banking details.
Another scam involving Australia Post branding appears to be sent from ‘parcelmonitor’, urging users to pay a “$1 shipping cost”.