The sneaky Gmail scam that's costing Australian seniors millions

Those official-looking 'delivery failure' messages flooding your Gmail inbox aren't system glitches—they're sophisticated traps designed to steal your money and personal information.

And if you're over 60, you're squarely in the scammers' crosshairs.

Australian seniors aged 65 and over reported the highest losses of any age group at $99.6 million in 2024, making them prime targets for increasingly clever email scams like the mailer daemon trick that's currently doing the rounds.

What's really happening with these 'failed delivery' messages

When you receive a message claiming to be from '[email protected]' about a delivery failure, your first instinct might be to investigate. That's exactly what scammers are counting on.

Here's how the con works: Scammers send out bulk spam using forged sender addresses, and when recipient servers bounce these messages back, they're sent to the forged address—which could be yours. It's called 'backscatter spam,' and it's designed to make you think there's a problem with your email account that needs immediate attention.

The fake delivery notification typically includes a text box stating something like 'Address not found: Your message wasn't delivered to [your handle]@google.com because the address couldn't be found.' Notice the domain discrepancy—your actual Gmail address ends in @Gmail.com, not @google.com. But in the stress of thinking something's wrong with your email, this detail can easily slip by.

Why Australian seniors are bearing the brunt

The numbers paint a concerning picture. While losses for all other age groups decreased in 2023, losses for people over 65 increased by 13.3 per cent to $120 million. This isn't coincidence—it's calculated targeting.

Scammers are deliberately preying on seniors and retirees looking for investment opportunities, using sophisticated psychology alongside their technical tricks. The average phishing scam victim in recent data was a woman 65 or older living in NSW who received a text message from a scammer impersonating her bank, her child or a road toll company.

The mailer daemon scam fits this pattern perfectly. It creates anxiety about a technical problem with your email, then offers a simple solution via a clickable link. For many seniors who rely heavily on email to stay connected with family and manage important accounts, the fear of missing crucial messages can override caution.

The hidden attachments you never asked for

One particularly nasty aspect of this scam involves attachments. Users report these emails often contain attached files 'about something attractive, like diets and wines,' and the attachment icons don't appear until you open the email. This delayed appearance is designed to pique curiosity and encourage downloads.

These attachments can install malware on your device or redirect you to fake login pages designed to steal your credentials. Even clicking on images within the email can be dangerous.

How this fits the broader scam landscape

Gmail is working hard to protect inboxes from scams, especially during the holiday season, but scammers are adapting faster than ever. The mailer daemon trick is just one weapon in an increasingly sophisticated arsenal.

Social media has become the most reported contact method leading to financial loss, with 7,724 reports and overall losses of $69.5 million in 2024. Phone scams remain the costliest overall, but email-based attacks like the mailer daemon scam are perfect for the preliminary grooming phase.

What makes this particularly insidious is how it exploits the legitimate mailer daemon system. Mailer-daemon is a legitimate program that manages email delivery and sends automated notifications when messages bounce, but it can be co-opted relatively easily to trick people into clicking malicious links.

Your comprehensive protection plan

Don't just ignore and delete—take active steps to protect yourself:

Immediate actions:

• Never click links or download attachments from unsolicited mailer daemon messages
  
• Mark these emails as spam to help Gmail's filters learn
  
• Check the full sender address carefully—legitimate bounce messages won't come from googlemail.com for Gmail accounts

Strengthen your defences:

• Enable two-factor authentication on your Google account if you haven't already
  
• Use a strong, unique password for your email account
  
• Regularly review your account's security settings and recent activity
  
• Consider using Gmail's confidential mode for sensitive emails

Verify before you trust:

If you're genuinely concerned about email delivery issues, log into your Gmail account directly (never through email links) and check your sent folder. You can also contact recipients through alternative means to confirm they received your messages.

What to do if you've already fallen for it

Don't panic, but do act quickly:

• Secure your accounts immediately: Change your email password and any other accounts that use the same credentials
  
• Contact your bank: Call your bank, online payment platform or financial institution immediately and inform them that you suspect your account has been compromised
  
• Run security scans: Check your devices for malware using updated antivirus software
  
• Report the incident: Contact Scamwatch at scamwatch.gov.au and your local police if you've lost money
  
• Monitor your accounts: Keep a close eye on all financial and email accounts for unusual activity

Remember the three-step approach: STOP—don't give money or information if unsure. CHECK—ask yourself if the message or call is fake and contact the business independently. PROTECT—act quickly if something feels wrong.

The bigger picture: staying ahead of the scammers

The good news? Overall scam losses fell by 25.9 per cent to $2 billion in 2024, showing that protection efforts by government, industry and community organisations are working. The bad news? Scammers aren't giving up—they're getting more sophisticated.

Understanding scams like the mailer daemon trick is your best defence. These criminals rely on confusion, urgency, and trust in familiar systems. By knowing their tactics, you can spot the red flags before it's too late.

Remember, there's no shame in being targeted by these scams. Scammers are financial criminals who use sophisticated technology and psychology to rob Australians of their money and personal information. The sophistication isn't a reflection of your gullibility—it's evidence of how far these criminals will go.