MailGuard has intercepted a new phishing campaign impersonating Australia Post, using a simple HTML email and a single “Click Here” link to lure recipients into a multi-step credential and payment capture flow.
The objective is clear, prompt the recipient to “fix” a delivery issue, then pressure them into entering card details, a mobile number, and a one-time passcode (OTP). Even though the dollar value is small, the risk is not. These scams are built to harvest payment details and authentication codes that can be reused for fraud.
The message we observed uses the subject line: “Parcel Awaiting Instructions”
The sender information is also a strong indicator it is not legitimate:
In the email body, the recipient is told a delivery attempt failed due to an “Incomplete delivery address” and is asked to pay a small fee,1.99 AUD, via a “Click Here” link.
Based on analysis from the MailGuard operations team and the captured screens, this campaign follows a straightforward, high-conversion flow:
Step1, Delivery failure prompt
The recipient is presented with a delivery failure message and asked to pay a small “shipping fee” to resolve the issue. The low amount is deliberate, it feels plausible, it lowers suspicion, and it encourages fast action.
Step2, Fake Australia Post “parcel details” page
Clicking through takes the victim to a lookalike page branded as Australia Post showing “Parcel details”, including a fee of 1.99 AUD and a prominent payment button. The page we captured was hosted on anon-Australia Post domain, another major red flag.
Step3, Payment card harvest
The next screen requests credit or debit card details and a phone number, presented in a pop-up that mimics a card payment flow. This is where financial theft begins.
Step 4, OTP capture
A final screen requests a confirmation code, “the code sent to your phone number”. OTP capture is particularly dangerous because it can enable criminals to bypass security controls in real time, including bank authentication, card verification, or account takeover protections.
This campaign includes several signals that should immediately raise suspicion:
If someone in your organisation clicked the link or entered details, treat it as a potential incident:
Delivery-themed lures work because they blend into everyday operations, invoices, shipments, procurement, and personal deliveries that often reach corporate inboxes. The“small fee” tactic increases conversion, and the addition of OTP capture suggests an intent to defeat real-time protections, not just collect card numbers.
MailGuard continues to monitor and intercept these campaigns as they evolve, helping reduce the likelihood that staff ever need to make a judgement call on a high-pressure message.
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist AI-powered, zero-day email security. Special Ops for when speed matters! Our real-time zero-day, email threat detection amplifies our client’s intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.