This sneaky delivery scam email is tricking Australia Post customers – Can you spot the difference?
- Replies 44
The malicious minds of cybercriminals can be hard to keep up with, especially when advancing technology can help them take advantage of unsuspecting victims. This is why we all need to stay vigilant regarding scams.
And one scam that’s been making rounds recently takes the form of Australia Post delivery emails.
Australia Post customers are being warned to be extra careful as a copied version of the postal service’s emails has been sent to people in the hope of scamming them out of their hard-earned money.
According to email security organisation MailGuard, cybercriminals are posing as the delivery giant’s customer service team, claiming customers’ packages are ‘on hold’.
In a warning published on their website, MailGuard urged people to ‘delete the email immediately’ if they find it in their inbox.
‘In 2022, Australia Post delivered 2.7 billion items, making it one of the biggest delivery services in the country,’ the warning read.
‘However, with the rise of online shopping and the resulting increased use of postal services for package delivery, Australia Post has become a popular target for scammers looking to impersonate the company in order to steal personal information or money from unsuspecting victims,’ it continued.
MailGuard reported an example of a phishing email and shared tips on how to spot a fake email.
They wrote: ‘The email itself heavily uses Australia Post’s branding, and aside from a few grammatical errors in the text, it would be hard to distinguish it from a genuine email.’
‘The email warns the recipient that their package is on hold and that they need to pay a $3.00 fee by clicking the linked text in order for it to be delivered,’ MailGuard continued.
Here’s what the email looks like:
At the bottom of the email, a ‘send my package’ button can be seen. If the recipient clicks the red button, they will be taken to a phishing page that looks like the authentic Australia Post tracking website.
‘Although there are, again, a number of grammatical errors, they’re in fine print that would likely be glossed over by someone who’s keenly waiting on a package,’ MailGuard shared.
The primary and distinguishable difference would be the URL, which, as you can see from the photo above, is a website called ‘bestfunnyblog’.
In bold print, the user will then be asked to verify their address and supply other information, such as:
Once the victim supplies the information, they will be redirected to another webpage. This time, it will ask the victim to provide their credit card details to make the $3.00 delivery payment. Cybercriminals will ask for the following:
Finally, the victim will be instructed to enter the one-time code sent to their mobile numbers. This request is a seemingly harmless but common tactic used by scammers to verify the legitimacy of the victim’s credit card details. Once verified, this information is immediately stolen.
‘Phishing attacks using parcel redelivery scams are on the rise, as scammers utilise SMS and email to target victims,’ MailGuard reported.
In a previous report, MailGuard warned Australia Post customers of a similar email scam that also tries to steal credit card details and personal information. Only this time, the scam will send an email with the subject line: ‘Invalid email address, we couldn’t find you’. More details about this scam can be read here.
Australia Post warns its customers that it will never:
Meanwhile, MailGuard is urging users not to click suspicious links or open attachments within emails that:
Are not addressed to you by name;
Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include;
Are from businesses that you were not expecting to hear from; and/or
Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
‘All that it takes…is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations,’ they shared.
According to Scamwatch, consumers lost over $24.6 million due to malicious scams in 2022.
If you’re worried that you may have already fallen victim to a scam, contact your bank, report it to Scamwatch here or contact IDCARE for free assistance. Have you encountered any of these messages before, or have you seen something similar? Share your thoughts and experiences in the comments below!
And one scam that’s been making rounds recently takes the form of Australia Post delivery emails.
Australia Post customers are being warned to be extra careful as a copied version of the postal service’s emails has been sent to people in the hope of scamming them out of their hard-earned money.
According to email security organisation MailGuard, cybercriminals are posing as the delivery giant’s customer service team, claiming customers’ packages are ‘on hold’.
In a warning published on their website, MailGuard urged people to ‘delete the email immediately’ if they find it in their inbox.
‘In 2022, Australia Post delivered 2.7 billion items, making it one of the biggest delivery services in the country,’ the warning read.
‘However, with the rise of online shopping and the resulting increased use of postal services for package delivery, Australia Post has become a popular target for scammers looking to impersonate the company in order to steal personal information or money from unsuspecting victims,’ it continued.
MailGuard reported an example of a phishing email and shared tips on how to spot a fake email.
They wrote: ‘The email itself heavily uses Australia Post’s branding, and aside from a few grammatical errors in the text, it would be hard to distinguish it from a genuine email.’
‘The email warns the recipient that their package is on hold and that they need to pay a $3.00 fee by clicking the linked text in order for it to be delivered,’ MailGuard continued.
Here’s what the email looks like:
At the bottom of the email, a ‘send my package’ button can be seen. If the recipient clicks the red button, they will be taken to a phishing page that looks like the authentic Australia Post tracking website.
‘Although there are, again, a number of grammatical errors, they’re in fine print that would likely be glossed over by someone who’s keenly waiting on a package,’ MailGuard shared.
The primary and distinguishable difference would be the URL, which, as you can see from the photo above, is a website called ‘bestfunnyblog’.
In bold print, the user will then be asked to verify their address and supply other information, such as:
- Full name
- Street address
- City
- State
- Phone number
- ZIP code
Once the victim supplies the information, they will be redirected to another webpage. This time, it will ask the victim to provide their credit card details to make the $3.00 delivery payment. Cybercriminals will ask for the following:
- Name on your card
- Card number
- Security code
- Expiry date
Finally, the victim will be instructed to enter the one-time code sent to their mobile numbers. This request is a seemingly harmless but common tactic used by scammers to verify the legitimacy of the victim’s credit card details. Once verified, this information is immediately stolen.
‘Phishing attacks using parcel redelivery scams are on the rise, as scammers utilise SMS and email to target victims,’ MailGuard reported.
In a previous report, MailGuard warned Australia Post customers of a similar email scam that also tries to steal credit card details and personal information. Only this time, the scam will send an email with the subject line: ‘Invalid email address, we couldn’t find you’. More details about this scam can be read here.
Australia Post warns its customers that it will never:
- Call, text or email you asking for personal or financial information, including password, credit card details or account information;
- Call, text or email you to request payment; and
- Ask you to click on an email link to print off a label to redeem your package.
Meanwhile, MailGuard is urging users not to click suspicious links or open attachments within emails that:
Are not addressed to you by name;
Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include;
Are from businesses that you were not expecting to hear from; and/or
Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
‘All that it takes…is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations,’ they shared.
According to Scamwatch, consumers lost over $24.6 million due to malicious scams in 2022.
Key Takeaways
- Australia Post customers are being warned about a 'hard to distinguish' parcel delivery scam targeting unsuspecting shoppers.
- Cybercriminals are posing as Australia Post's customer service team, claiming customers' packages are 'on hold' and requiring a $3 fee for delivery to be finalised.
- MailGuard, an email security organisation, is warning customers to delete phishing emails immediately if they find them in their inbox.
- Australia Post says it will never call, text, or email customers asking for personal or financial information, nor request payment or click on a link to redeem their package.