MailGuard Blog — Breaking alerts, news and updates on cybersecurity topics

Australia Post Delivery Scam: What Your Team Needs to Know

Written by MailGuard | 16 December 2025 23:55:40 Z

In the week before Christmas, with so many of us watching our inboxes for delivery statuses, comes a scam impersonating Australia Post that seeks to harvest credentials and financial information from Australian businesses and individuals. MailGuard's AI-powered threat detection engines have identified and stopped the emails from reaching customers.

What the scam looks like

The attack begins with an email purporting to be from Australia Post's customer service, informing recipients about a pending package that requires a small shipping cost payment of AU$3.

Email characteristics:

  • Display name: Customer Service
  • Sender addresses: monalisa(at)foralodeos(dot)info or monalisa(at)depalionline(dot)info
  • Subject line: "This is the last time we are reminding you about your pending shipping cost"
  • Unique bounce addresses per recipient on domains arr.depalionline.info or sbw.foralodeos.info

The email contains a tracking number and urges recipients to "confirm delivery details and pay shipping costs" with an ominous warning that "the pending delivery will be cancelled if the amount is not paid within 48 hours."

The Multi-Stage Attack

What makes this scam particularly effective is its multi-stage approach designed to build trust and lower victim defenses:

Stage 1: Delivery scheduling
Clicking the email link takes victims to a convincing Australia Post-branded page asking them to select their preferred delivery day (weekend or working days).


Stage 2: Delivery location
The next page asks victims to choose between home or work address delivery, further reinforcing the legitimate appearance of the interaction.

Stage 3: Confirmation prompt
A third page asks victims to "confirm the details," maintaining the illusion of a standard delivery service workflow.

Stage 4: Personal information harvesting
After the initial prompts, victims are redirected to a new domain where they're asked to provide:

  • Full name
  • Complete address details
  • Postcode and city
  • Email address
  • Phone number

Stage 5: Financial credential theft
The final page requests complete credit card details, ostensibly to pay the AU$3 shipping fee. This is where the real damage occurs.

Order details reassurance
Throughout the payment flow, an order summary is presented on the right-hand side in an elaborate user interface, designed to reassure users as to its legitimacy.

Payment failed loop
The scammers then present a 'payment failed' message, urging victims to enter details for yet another credit card. This is a common tactic designed to validate payment information and potentially to capture the details of additional cards.

The Psychology of the Attack

Several elements make this scam particularly dangerous:

  1. Low-friction amount: The fee is deliberately small, designed to seem legitimate and avoid triggering suspicion. Most people won't hesitate over such a minor charge, especially when they believe a package is waiting.
  2. Urgency and consequence: The 48-hour deadline creates pressure to act quickly without scrutinizing the email's authenticity.
  3. Progressive commitment: By the time victims reach the payment page, they've already invested time and provided information, making them more likely to complete the transaction.
  4. Brand trust exploitation: Australia Post is a trusted national institution, and the professional appearance of the phishing pages exploits that trust.

The Real Cost

While the scam claims to charge AU$3, the actual cost is far more severe:

  • Credit card details can be used for fraudulent purchases or sold on the dark web
  • Personal information collected in earlier stages can be used for identity theft
  • Harvested data may be packaged and resold to other cybercriminals for use in future, more targeted attacks
  • Business email addresses can identify employees for subsequent business email compromise (BEC) attempts

For businesses, a single employee falling for this scam can expose company credit cards and create pathways for more sophisticated attacks targeting your organization.

Red Flags to Watch For

MailGuard urges your team to be vigilant for these warning signs:

  • Delivery notifications for packages you weren't expecting
  • Payment requests for deliveries you didn't order (Australia Post doesn't typically charge recipients for standard deliveries)
  • Generic greetings instead of personalized communication
  • Suspicious sender domains that don't match the official Australia Post domain (@auspost.com.au)
  • Urgency and threats about cancelled deliveries
  • Multiple redirects through different domains during the interaction
  • Requests for excessive information beyond what's needed for a simple delivery
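
As an added example (not MailGuard's code or detection logic), the email characteristics and red flags listed in this post can be turned into a simple header-and-wording triage check in Python. The `red_flags` helper, its flag names, the sample messages and the `noreply@auspost.com.au` address are constructed for illustration; the sender domains and quoted phrases are the ones given in this post.

```python
from email import message_from_string, policy
from email.utils import parseaddr

OFFICIAL_DOMAIN = "auspost.com.au"  # official domain named in this post
CAMPAIGN_DOMAINS = ("foralodeos.info", "depalionline.info")  # sender domains from this post
PRESSURE = ("last time we are reminding you", "within 48 hours",
            "will be cancelled", "pay shipping costs")  # wording quoted in this post

def _domain(header):
    """Lower-cased domain of the address in a header, '' if there is none."""
    _, at, dom = parseaddr(str(header or ""))[1].rpartition("@")
    return dom.lower() if at else ""

def _within(domain, parent):
    """True if domain is parent itself or one of its subdomains."""
    return domain == parent or domain.endswith("." + parent)

def red_flags(raw):
    """Return the set of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    sender, bounce = _domain(msg["From"]), _domain(msg["Return-Path"])
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body is not None else ''}".lower()
    flags = set()
    if "australia post" in text and not _within(sender, OFFICIAL_DOMAIN):
        flags.add("brand_sender_mismatch")
    if any(_within(d, c) for d in (sender, bounce) for c in CAMPAIGN_DOMAINS):
        flags.add("campaign_domain")
    if bounce and bounce != sender:  # weak on its own: legitimate bulk mail does this too
        flags.add("bounce_domain_differs")
    if any(p in text for p in PRESSURE):
        flags.add("urgency_or_payment_pressure")
    return flags

# Constructed sample messages (not captured mail); the bounce local part is made up.
SCAM = """\
Return-Path: <bounce-0001@arr.depalionline.info>
From: Customer Service <monalisa@depalionline.info>
Subject: This is the last time we are reminding you about your pending shipping cost

Australia Post: confirm delivery details and pay shipping costs.
The pending delivery will be cancelled if the amount is not paid within 48 hours.
"""
BENIGN = """\
Return-Path: <noreply@auspost.com.au>
From: Australia Post <noreply@auspost.com.au>
Subject: Your parcel is on its way

Australia Post will deliver your parcel tomorrow.
"""
```

Calling `red_flags(SCAM)` returns all four flags and `red_flags(BENIGN)` returns an empty set; a suffix match on the official domain means a lookalike such as `auspost.com.au.example.net` is still reported as a brand mismatch.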

Stay Safe, Know the Signs

MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.

Avoid emails that:

  • Aren’t addressed to you personally.
  • Are unexpected and urge immediate action.
  • Contain poor grammar or miss crucial identifying details.
  • Direct you to a suspicious URL that isn’t associated with the genuine company.

Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One Email Is All That It Takes

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.

For a few dollars per staff member per month, you can protect your business with MailGuard's specialist AI-powered, zero-day email security. Special Ops for when speed matters! Our real-time, zero-day email threat detection amplifies our clients' intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
