Australia Post continues to be popular among cybercriminals looking to trick users, especially as we approach the End of Financial Year (EOFY).
MailGuard has intercepted a new phishing email scam that pretends to be an alert from AusPost, which leads to fraudulent pages using AusPost branding.
Titled ‘AUPost/ Your package is about to return’, the email uses a display name of ‘Post Center’ and contains Australia Post’s logo, along with a ‘Priority Mail Express Confirmation Number’.
However, the domain used in the sender address doesn’t belong to Australia Post but actually originates from a potentially compromised server hosted overseas.
“The email informs recipients that a package they will receive tomorrow will be returned due to a ‘wrong shipping address’,” MailGuard said.
“It directs users to pay ‘extra fees online to submit a new delivery request’.”
Victims are provided with a link titled ‘Get My Parcel’, but clicking on the link will be sent to a different page asking for personal details including credit card details.
These pages also contain Australia Post’s logo, along with an order number and details related to the parcel delivery, including estimated delivery time and status.
However, the domain used in the URLs of these pages does not belong to Australia Post, which is a red flag pointing to their illegitimacy.
When a victim inserts the required information field that information is harvested by the attackers.
“We strongly advise all recipients to delete these emails immediately without clicking on any links,” MailGuard said.
“Well-known postal and shipping companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases.”
MailGuard said the timing of this scam to coincide with the EOFY sales is not a coincidence.
“The timing of this scam is particularly opportunistic. With the EOFY approaching, many users will be shopping online to take advantage of lucrative deals & sales. This is one of the busiest parts of the year for shopping & parcel delivery,” MailGuard said.
“Scammers know that receiving notifications related to parcel delivery isn't likely to be unusual in this period, and hence use lures like these to trick users. We’re all eager to get our shopping on time, so we might not think twice before clicking a link in parcel-delivery notifications.”
MailGuard warned that the cyber criminals are “preying on the curiosity” of AusPost customers who may genuinely believe they have a package on the way.
What to look out for
Watch out for the inclusion of specific details like a ‘Priority Mail Express Confirmation Number’, a display name like ‘Post Center’.
The use of a subject like ‘Your package is about to return’ is also a red flag.
“Cybercriminals behind this scam hope in their excitement and curiosity, recipients don’t pause to check for the legitimacy of the email,” MailGuard said.
The major warning sign is that the scam doesn’t address the recipient directly, and that it contains several spacing & grammatical errors - so watch out for these.