Annamaria Montagnese, 06 April 2016 12:48:08 AEST

Circulating Now – Crypto Ransomware Delivered Through Fake AusPost Phishing Scam Today

Any Australian who is receiving emails purportedly from Australia Post needs to be wary. Yet another email scam has hit email users en masse today. We have identified several new fake AusPost emails as malicious and are urging people to be aware.

  • First to stop NEW attacks, MailGuard is consistently between 2 hours and 48 hours ahead of the market in preventing fast breaking attacks.
  • Most on-premise or hybrid anti-virus vendors require software updates across multiple instances, which can take hours or even days, leaving clients vulnerable.

Here is a sample of one of the phishing emails MailGuard has stopped. 

[Image: sample of the fake AusPost phishing email, April 2016]

As identified in other phishing campaigns, the cybercriminals behind the scam are sending the email from different email addresses. It is also worth noting that each email contains a different URL, making it harder for anti-virus vendors to identify and block.

The email suggests a parcel could not be delivered to the email recipient, and urges the user to click a link to ‘Get Shipping Label’ before bringing it to Australia Post outlets.

Clicking the link takes the user to a fake AusPost landing page.

[Image: sample of the fake AusPost landing page, April 2016]

The URL is not even remotely close to the legitimate AusPost URL, which is http://auspost.com.au/.

The user is directed to click on "Download Information" in order to retrieve the shipping label.

Upon doing so, the user is actually downloading an executable (dropper/malware) that could potentially download a form of crypto ransomware.

Once downloaded, ransomware will lock all files by encrypting them on the local device or network, and a ransom is demanded before the files can be decrypted.
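Because the sender address and the URL change from email to email, a check keyed on the one thing that stays fixed, the legitimate auspost.com.au domain, is more durable than blocking individual links. The following is an added example, not MailGuard's code: it flags web links that leave that domain in a message claiming to be from Australia Post. The sample message, its hosts and the brand markers are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT_DOMAIN = "auspost.com.au"              # the legitimate domain named in the article
BRAND_HINTS = ("australia post", "auspost")  # assumed brand markers

# Constructed sample message (hosts are placeholders, not from the campaign).
SAMPLE = """\
From: "Australia Post" <notice@mail.example>
Subject: Your parcel could not be delivered
Content-Type: text/html; charset="utf-8"

<p>Your parcel could not be delivered.</p>
<a href="http://parcel-notice.example/label">Get Shipping Label</a>
<a href="http://auspost.com.au/track">Track your item</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href.strip())

def off_brand(url, domain=LEGIT_DOMAIN):
    """True for a web link whose host is not the domain or a subdomain of it."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return True  # unparseable link: treat as suspicious
    if parts.scheme not in ("http", "https"):
        return False  # mailto:, tel: etc. are out of scope
    host = (parts.hostname or "").lower().rstrip(".")
    # Suffix match on ".domain" so auspost.com.au.x.example does not pass.
    return not (host == domain or host.endswith("." + domain))

def suspicious_links(raw_message):
    """Links leaving the brand's domain in a message that claims the brand."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    claimed = f"{msg['From']} {msg['Subject']} {text}".lower()
    if not any(hint in claimed for hint in BRAND_HINTS):
        return []
    collector = LinkCollector()
    collector.feed(text)
    return [u for u in collector.links if off_brand(u)]
```

Calling `suspicious_links(SAMPLE)` returns only the "Get Shipping Label" link; the link to auspost.com.au itself is not flagged.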

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Seem suspicious and ask you to download files or click any links within an email to access your account.
  • Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including multiple grammatical errors).
  • Ask you to click on a link within the email body in order to access their website. If unsure, call the company/person directly and ask whether the email is legitimate.

Share these tips with your staff to make them aware of these or other similar campaigns. By employing a cloud-based email and web filtering solution like MailGuard, you’ll also reduce the risk of these new variants of phishing from entering your network in the first place.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
