MailGuard 22 April 2024 11:42:40 AEST 6 MIN READ

Australia Post Email Scam – Check Twice Before Clicking That Link

“A package has been received for you”, claims this email, inviting recipients to “…complete the process for successful delivery.” The scam is a simple one, with no glaring grammatical errors to alert recipients to the dangers of clicking through on the link.

The subject line reads ‘Complete the Process’ and the sender display name is MyPost. However, those who take a moment to check the sender's email address will see that it is ‘noreply(at)mm1(dot)marketingsalutare(dot)it’, which is not a legitimate Australia Post email address; rather, it belongs to a compromised account.

An example of the email is shown below:

email-masked-auspost-0424

Those that eagerly scan the email and click through on the link to enter their details are delivered to the first phishing page named ‘Australia MyPost – Pay a bill’, which is a convincing replica of a legitimate Australia Post page. It advises users to “pay only 1.80 AUD Fees to receive your package”, along with a tracking reference, and a form to input your 'Fullname', 'Address', 'City', 'Postal code', 'Phone number' and 'Date of birth'.


Clicking the red button labelled ‘Next’ prompts users to enter credit card details including 'Full name', 'Card number', 'Expiry date' and 'CVV'.


Users are then prompted to check their phone for a confirmation code. In reality, entering the confirmation code and clicking the red ‘Confirm and finish’ button authorises a transaction that the cybercriminals are processing with the card details and phone number that the victim has supplied.


The final screen in the process is simply a ‘Thank you!’ page that advises that the process (misspelt as ‘proccess’) was ‘successfully completed’. The links on the buttons to ‘MyPost’ or to ‘Log out’ will take the user to a legitimate Australia Post page, in which case they may be none the wiser that they have been scammed until they receive their credit card bill and notice the fraudulent transactions.


Parcel delivery scams are very popular with cybercriminals, leveraging well-known brands that we all know and trust, like Australia Post, plus other delivery services like DHL and FedEx.

Australia Post offers the following advice: “If you suspect that you’ve received a scam email, call or message appearing to be from Australia Post, you can report it to scams@auspost.com.au and we will investigate.”

To combat the rising volume of malicious and fraudulent scams that are mimicking the brand, Australia Post has launched an app so you can ‘Get trusted, accurate and legitimate delivery notifications.’ You can download the Australia Post app in the Apple AppStore or you can get it on Google Play.


MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.     

MailGuard urges users not to click links or open attachments within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
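The two checks described in this article, comparing the display name against the actual sender address and comparing link destinations against the brand's real domain, can be automated in a mail filter. The sketch below is an added example, not MailGuard's or Australia Post's code; the brand terms, the trusted-domain list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions: terms that signal the brand, and the domains allowed to use them.
BRAND_TERMS = ("mypost", "australia post", "auspost")
TRUSTED_DOMAINS = ("auspost.com.au",)

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one (never a substring match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw):
    """Return a list of findings for one single-part, plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    text = f"{display} {msg.get('Subject', '')}".lower()
    claims_brand = any(term in text for term in BRAND_TERMS)
    findings = []
    if not claims_brand:
        return findings
    # Check 1: display name claims the brand, address domain does not match.
    if not is_trusted(sender_host):
        findings.append(f"display name '{display}' but sender domain is {sender_host}")
    # Check 2: every link in the body should lead to the brand's own domain.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname
        if not is_trusted(host):
            findings.append(f"link host {host} is not a trusted domain")
    return findings

# Constructed sample messages (hosts are placeholders, not real indicators).
SAMPLE_SCAM = """\
From: MyPost <noreply@mailer.example.net>
Subject: Complete the Process

A package has been received for you.
https://parcel-fees.example.org/pay
"""
SAMPLE_OK = """\
From: MyPost <noreply@auspost.com.au>
Subject: Your delivery

https://auspost.com.au/mypost/track
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE_SCAM):
        print(finding)
```

A filter built this way only covers the header and link mismatch; it says nothing about whether the sending account itself was compromised.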

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  
