Annamaria Montagnese, 11 August 2016 17:23:20 AEST

Going postal. Email scams target Australia Post & New Zealand Post customers with Cerber Ransomware

Over the course of 48 hours, cybercriminals have distributed an email scam targeting customers of Australia Post and New Zealand Post.

Be warned: recipients who click through on the scam are at risk of downloading Cerber Ransomware.

MailGuard’s premium e-mail filtering technology was able to block this threat at the point of detection.

Here are screenshots of the types of emails to watch out for.

[Image: MailGuard_Fake_usPost_and_NZ_Post_Email_Scam_Email_Sample.jpg]

[Image: MailGuard_Fake_NZ_Post_Email_Scam_Email_Sample.jpg]

There are two different emails, one appearing to originate from Australia Post and the other from NZ Post. The emails suggest a parcel was delivered but no one was there to receive it.

The email asks the recipient to click to view or download the parcel information. Clicking this link automatically directs recipients to the download. Some of the downloads are hosted on compromised legitimate websites, while others are on sites built specifically for this scam.

Here are samples of the download:

[Image: MailGuard_Fake_AusPost_Email_Download.jpg]

[Image: MailGuard_Fake_NZ_Post_Email_Download.jpg]

Instead of downloading a label or parcel information, the recipient actually downloads an obfuscated JavaScript file which acts as a dropper. When the JavaScript file is executed, Cerber Ransomware is installed.
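A triage check for files fetched from "parcel" links like the ones described above, as an added example that is not MailGuard's detection logic. It assumes the dropper is a script run by Windows Script Host; the indicator list, file names and sample content are constructed for illustration.

```python
import re

# Assumed indicator list (not from the article): objects a Windows Script Host
# dropper typically needs and that a parcel label or notice never contains.
WSH_TOKENS = ("ActiveXObject", "WScript", "MSXML2.XMLHTTP",
              "ADODB.Stream", "Scripting.FileSystemObject")
SCRIPT_EXTENSIONS = (".js", ".jse", ".wsf", ".vbs")

# Constructed, inert sample: it only builds an object name from split strings.
SAMPLE_SUSPECT = 'var n = "WScr" + "ipt.Sh" + "ell";\nvar o = new ActiveXObject(n);\n'


def triage_download(filename, content):
    """Return the reasons a downloaded 'parcel' file should be quarantined."""
    reasons = []
    if filename.lower().endswith(SCRIPT_EXTENSIONS):
        reasons.append("script file delivered in place of a document")
    # Undo simple "str" + "ing" splitting before searching for tokens.
    joined = re.sub(r"""["']\s*\+\s*["']""", "", content)
    lowered, joined_lowered = content.lower(), joined.lower()
    hits = [t for t in WSH_TOKENS if t.lower() in joined_lowered]
    if hits:
        reasons.append("Windows Script Host objects: " + ", ".join(hits))
    hidden = [t for t in hits if t.lower() not in lowered]
    if hidden:
        reasons.append("hidden by string concatenation: " + ", ".join(hidden))
    if re.search(r"\beval\s*\(|String\.fromCharCode|\bunescape\s*\(", content):
        reasons.append("runtime decoding (eval/fromCharCode/unescape)")
    if max((len(line) for line in content.splitlines()), default=0) > 1000:
        reasons.append("single line longer than 1000 characters")
    return reasons


if __name__ == "__main__":
    for reason in triage_download("parcel_label.js", SAMPLE_SUSPECT):
        print(reason)
```

An empty list means none of these heuristics fired; it does not mean the file is safe.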

Why is Ransomware dangerous?

There are many variations of ransomware. Ransomware is a form of malware which, when installed, holds the user to ransom: the cybercriminals demand payment in exchange for unlocking the user's files. The ransom is usually requested in Bitcoin, and payment does not always guarantee the key to decrypt files.

How to reduce your risk of being affected by ransomware:

  • Educate staff to be suspicious of unexpected emails purporting to be from well-known companies such as Australia Post and NZ Post
  • Check for poor grammar – reputable organisations are unlikely to have basic grammatical errors in email content
  • If you are ever in doubt, go to the website directly and never click links from within an email to access information or landing pages
  • Invest in multi-layered security for businesses to reduce the risk of staff inadvertently downloading malware

AusPost offer tips on their website on how to stay safe online and avoid scams purporting to be from them. NZ Post describe a variety of scams on their website to educate the public.

Fortunately, MailGuard was able to block this scam at the point of detection, using a range of advanced rules to recognise its malicious nature, before staff had the opportunity to view or open it.

If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 or email expert@mailguard.com.au.

For more tips on how to identify malicious emails like this, you can read our article here.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.