MailGuard has identified and intercepted a new phishing campaign impersonating Australia Post, designed to trick recipients into providing personal information and credit card details under the guise of a delivery update.
This campaign uses a familiar scenario, a missed delivery or small outstanding fee, to create urgency and lower suspicion. It is simple in execution, but highly effective.
The attack begins with an email posing as a legitimate shipment notification.
The message appears to come from “Shipment Support” and encourages the recipient to “View Shipment Status” or confirm delivery details.
While the branding and language appear legitimate, the sender domain does not belong to Australia Post. Instead, it originates from mhelp.co, with unique, rotating sending addresses for each message, a common tactic used to evade detection.
Stage 1: Delivery Confirmation Page
Clicking the link redirects the recipient to a convincing replica of an Australia Post tracking page.
The page displays realistic parcel details, including a tracking number, delivery status, and estimated arrival date. It prompts the user to continue by confirming delivery information.
This step builds credibility and reinforces the illusion of legitimacy.
Stage 2: Personal Information Collection
The next page requests personal details such as name, address, and contact number.
At this stage, attackers are collecting identity data that can be used for further fraud, account takeover attempts, or social engineering.
Stage 3: Payment Request
After submitting personal details, the victim is prompted to pay a small delivery fee, typically a few dollars.
The low payment amount is deliberate. It reduces hesitation and increases the likelihood of completion, while allowing attackers to harvest credit card information.
Stage 4: Processing and Data Capture
Once payment details are entered, a “processing” screen appears.
MailGuard analysis indicates this step is used to validate or capture the card details in real time. If invalid details are entered, the user is redirected back to retry, increasing the chances of obtaining valid information.
Based on MailGuard’s analysis:
• Display name “Shipment Support” used to appear legitimate
• Sender domain (mhelp.co) does not match Australia Post
• Unique, rotating sender addresses per email
• Simple HTML email with a single embedded link
• Multi-stage phishing flow, collecting personal and financial data
• Low-value payment request designed to reduce suspicion
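The sender and link indicators above can be expressed as mail-filter checks. The sketch below is an added example, not MailGuard's detection logic: the function names are hypothetical, auspost.com.au is assumed to be the brand's legitimate sending domain, and the sample messages and the tracking.example link are constructed.

```python
import re
from collections import defaultdict
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND_DOMAINS = {"auspost.com.au"}  # assumption: the brand's real sending domain
BRAND_TERMS = re.compile(r"australia\s+post|auspost", re.I)
HREF = re.compile(r'href=["\'](https?://[^"\']+)', re.I)

def on_brand(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def parse(raw):
    """Return (display name, local part, domain, subject, body) of one message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    local, _, domain = addr.lower().rpartition("@")
    part = msg.get_body(preferencelist=("html", "plain"))
    return name, local, domain, str(msg["Subject"] or ""), part.get_content() if part else ""

def indicators(raw):
    """Per-message checks drawn from the indicator list above."""
    name, _, domain, subject, body = parse(raw)
    hits = []
    if BRAND_TERMS.search(f"{name} {subject} {body}") and not on_brand(domain):
        hits.append("brand-claimed-from-foreign-domain")
    links = HREF.findall(body)
    if len(links) == 1 and not on_brand(urlparse(links[0]).hostname):
        hits.append("single-off-brand-link")
    return hits

def rotating_sender_domains(raws, min_msgs=3):
    """Domains where every one of >= min_msgs messages used a different address."""
    seen = defaultdict(list)
    for raw in raws:
        _, local, domain, _, _ = parse(raw)
        seen[domain].append(local)
    return {d for d, l in seen.items() if len(l) >= min_msgs and len(set(l)) == len(l)}

def sample(sender, link):  # constructed test message, not a captured email
    return (f"From: {sender}\nSubject: Your parcel update\nMIME-Version: 1.0\n"
            "Content-Type: text/html; charset=utf-8\n\n"
            f'<p>Australia Post: <a href="{link}">View Shipment Status</a></p>\n')

PHISH = [sample(f'"Shipment Support" <{u}@mhelp.co>', "https://tracking.example/s")
         for u in ("k3f9a", "p71xz", "m0q2d")]
LEGIT = sample('"Australia Post" <noreply@auspost.com.au>', "https://auspost.com.au/track")
```

The rotating-address check only works across a batch of mail, which is why it is separate from the per-message checks; the threshold of three messages is an arbitrary starting point.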
Why This Matters for Businesses
Although this campaign targets individuals, the implications extend directly into the workplace.
Employees regularly interact with delivery notifications on corporate devices. If attackers obtain personal details or payment information, it can be leveraged for broader attacks, including credential harvesting, impersonation, or business email compromise.
More importantly, this type of attack reflects a wider trend. Phishing is no longer a single step. It is a guided process designed to build trust, collect information progressively, and maximise success rates.
That progression is what makes it dangerous.
Stay Safe, Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist AI-powered, zero-day email security. Special Ops for when speed matters! Our real-time, zero-day email threat detection amplifies our clients’ intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.