Akankasha Dewan 08 October 2020 15:08:03 AEDT

Beware: Australia Post impersonated in phishing email scam; users asked to confirm payment

 

Government business enterprise Australia Post is the subject of a phishing email scam intercepted by MailGuard.

Titled “Your package is waiting for payment confirmation”, the email uses the display name “AU# AUSTRALIA POST”. The email address used in the “from:” field, however, doesn’t use a domain belonging to the postal company. The email actually originates from what appears to be a newly created domain used specifically for phishing and spam.

The email body informs users that their “shipment is awaiting delivery” and advises them to “confirm the payment” via a link provided for them to do so. The email ends with a copyright symbol, along with the words “Australia Post”. Hovering over the link reveals the use of a link shortener – likely an attempt to hide the true destination of the malicious link.

Here is what the email looks like:

[Image: AUPost_0710]

 

Unsuspecting recipients who click on the link to confirm their payment are led to a fake Australia Post-branded page asking users for their credit card details. Just like in the email, the company’s logo and branding are employed on this page. However, the domain used in the page’s URL, while similar to Australia Post, doesn’t belong to the postal company. Instead, it begins with “australiainfoo.com…”. This page is actually hosted on a compromised WordPress page. Here is what it looks like:

[Image: AusPost_2]



This is a phishing page designed to steal users’ details. Once users submit their payment details, attackers harvest them for later use, and users are led to another page prompting them to submit an SMS code. Similar to the earlier page, this page also employs Australia Post’s logo, as shown below:

 

[Image: AustPost_3]

Cybercriminals behind this scam have incorporated multiple elements to boost this email’s credibility. These include:

    • use of a major brand name to inspire false trust; using “Australia Post” as the display name boosts the email's credibility,
    • use of features like a shipping code and a verification SMS that are typically expected of legitimate notifications from a well-established organisation like Australia Post,
    • inclusion of branding elements like Australia Post’s logo in the phishing pages, as are typically present in pages from the company, and
    • an alarming subject and body; an email titled “Your package is waiting for payment confirmation” creates a sense of curiosity and urgency, motivating users to take action immediately without checking the email’s authenticity.


Despite these techniques, eagle-eyed recipients should be able to spot several red flags that point to the email’s illegitimacy. For instance, the user isn’t addressed directly in the email. In addition, while the display name used is “Australia Post”, it begins with “#AU” – a huge red flag that should raise suspicion about the email’s legitimacy.
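Two of the red flags described in this article, a brand display name on a sender domain that doesn't belong to the brand and a link that goes through a URL shortener, can be checked mechanically. The Python below is an added example, not MailGuard's detection logic; the sample message, its sender domain and link, the shortener list and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions: auspost.com.au is the brand's domain (it is the one used for the
# reporting address on this page); the shortener list is a small illustrative sample.
BRAND_WORDS = ("australia post", "auspost")
BRAND_DOMAINS = ("auspost.com.au",)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}

# Constructed sample: sender domain and link are placeholders, not the real indicators.
SAMPLE = '''From: "AU# AUSTRALIA POST" <notify@sender.example>
To: user@recipient.example
Subject: Your package is waiting for payment confirmation

Your shipment is awaiting delivery. Confirm the payment:
https://bit.ly/placeholder
'''

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def body_text(msg):
    """Concatenate all text/* parts, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def red_flags(raw_message):
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    flags = []
    # Strip punctuation/digits so padding such as "AU#" cannot hide the brand name.
    shown = " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())
    if any(w in shown for w in BRAND_WORDS) and not in_domains(addr.rpartition("@")[2], BRAND_DOMAINS):
        flags.append("display name claims brand, sender domain does not match")
    hosts = {urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body_text(msg))}
    if any(in_domains(h, SHORTENERS) for h in hosts):
        flags.append("link uses a URL shortener")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

A message that passes both checks is not thereby legitimate; the checks only surface the specific mismatches this scam relied on.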

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open such emails or click on their links.

If you suspect that you have received a scam email pretending to be from Australia Post, the postal company advises that you forward it to scams@auspost.com.au. More details can be found on their Online Security page here: https://auspost.com.au/about-us/about-our-site/online-security-scams-fraud

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
