MailGuard 05 January 2022 14:01:36 AEDT 6 MIN READ

Australia Post “Package Pending Status” Phishing Scam

A new Australia Post email phishing scam seeks to take advantage of the recent rush of deliveries over the Christmas and New Year break, and with many more Australians still isolating and reliant on online orders due to the continuing spectre of COVID19, they could easily fall prey for the scam. It advises recipients that a shipment is awaiting instructions, with a small fee of $1.99 (AUD) now due.

 

Sent from ‘Austpost’, the sender name is spoofing Australia Post with the actual sender address of ‘toolbox(at)registr(dot)com’, and an email subject reading, ‘Package pending status!’.

Here’s what the email looks like: 

AP-email-masked-01

Australia Post is a popular target for scammers at this time of year, with a similar scam blocked by MailGuard and reported on this blog in December. Although the small amount of $1.99 AUD may seem relatively insignificant, the real prize for the cybercriminals is the credit card credentials of victims. Australia Post advises its’ customers that, "Australia Post will never email, call or text you asking for personal or financial information or payment. Report a suspicious email or text message that appears to be from Australia Post to scams@auspost.com.au and delete it immediately”.

When a customer clicks on the ‘Send my package>’ link, they are taken to a phishing page (pictured below) that requests their ‘billing information’, including the cardholder’s name, mobile phone number, date of birth and credit card details. The phishing page is hosted at nazwa.pl, a Polish hosting service.

AP-phish-page-masked-01

Once these details have been submitted, users are presented with a redirect message (see below), before they are taken to a verification page.  

AP-phish-page-redirect-masked-01

The final step in the ruse is a credit card verification page carrying ‘Verified by Visa’ and MasterCard SecureCode’ branding. The page asks for an ‘approval code’ which has been sent to the mobile phone number provided, mimicking an authentic OTP security process. This technique is often used by cybercriminals to feign authenticity.  

AP-phish-page-creditcard-masked-01

If you suspect that you have received a scam email pretending to be from Australia Post, the postal service suggests forwarding it to scams@auspost.com.au. More details can be found on their Online Security page here: https://auspost.com.au/about-us/about-our-site/online-security-scams-fraud.  

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.    

MailGuard urges users not to click links or open attachments within emails that:      

  • Are not addressed to you by name.      
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.      
  • Are from businesses that you were not expecting to hear from, and/or      
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.     

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates