Crypto Ransomware Attack Disguised as Australia Post Targeting Australians

Posted by Daniel Graziano on 25 August 2015 15:48:45 AEST

MailGuard have successfully identified and blocked another crypto ransomware email run by cyber criminals based in Russia. These offenders are impersonating Australia Post and directing attacks at Australians, alerting the email recipient to a supposed parcel that was delivered to their residence.

Here is a screenshot of the type of email to watch out for.

[Screenshot: the email impersonating Australia Post]

As you can see above, the email appears to originate from Australia Post, addressing the recipient directly (by first and last name) in the subject line and in the email itself. One notable mistake the offenders have made is the poor grammar in the email subject line, ‘The courier have not redeem package’.

The recipient is prompted to click the ‘request label’ button in order to obtain their ‘shipping label’ and pick up their package.

Once the button is clicked, the victim is redirected through one of the thousands of dynamic domains the perpetrators use (which enables them to avoid having their IP blacklisted), until the user finally arrives on a landing page that is an exact replica of the Australia Post website.

[Screenshot: the landing page replicating the Australia Post website]

This particular scam includes ‘parcel finder’ in the domain name. Whilst this obviously isn’t the official Australia Post URL, a naïve victim might not notice the unofficial domain as it is still relevant to their request. It is, however, critical that you exit non-legitimate websites and avoid entering personal details into any of the requested fields.

By completing the captcha verification process on the page and clicking ‘Download Information’, a download box appears prompting the user to download ransomware disguised as tracking information.

Whilst malware attached to emails can be stopped effectively by email filters, these crypto ransomware emails deliver their malware indirectly, via multi-tiered redirected URLs, instead of attaching it to the email itself.

As a precaution, we urge you not to click links within emails that:

  • Are not addressed to you by name or have poor English
  • Are from businesses that you were not expecting to hear from
  • Ask you to download any files, namely with a .exe file extension
  • Take you to a landing page or website that does not have the legitimate URL
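The link checks in this list can be partly automated at a mail or web gateway. The following Python is an added example, not MailGuard's code: it assumes auspost.com.au is the only official domain, and the redirect map, hostnames and brand tokens are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: auspost.com.au is the only domain treated as official.
OFFICIAL_DOMAINS = {"auspost.com.au"}
BRAND_TOKENS = ("auspost", "australiapost", "parcel")  # assumed lookalike hints
RISKY_EXTENSIONS = (".exe",)

# Constructed redirect map standing in for HTTP Location headers (offline sample).
SAMPLE_REDIRECTS = {
    "http://a1b2.dyn-host.example/r?id=7": "http://x9.other-dyn.example/go",
    "http://x9.other-dyn.example/go": "http://auspost.com.au.parcel-finder.example/track",
}

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_official(host):
    # Require an exact match or a true subdomain (label boundary), so that
    # "auspost.com.au.parcel-finder.example" is not accepted.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def resolve_chain(url, redirects, max_hops=10):
    # Follow the redirect map hop by hop, stopping on loops or too many hops.
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = redirects[chain[-1]]
        if nxt in chain:
            break
        chain.append(nxt)
    return chain

def assess_link(url, redirects):
    chain = resolve_chain(url, redirects)
    final_host = host_of(chain[-1])
    findings = []
    if not is_official(final_host):
        findings.append("final host is not an official domain")
        if any(t in final_host.replace("-", "") for t in BRAND_TOKENS):
            findings.append("brand wording in an unofficial host")
    if len({host_of(u) for u in chain}) > 2:
        findings.append("redirects through multiple unrelated hosts")
    if urlsplit(chain[-1]).path.lower().endswith(RISKY_EXTENSIONS):
        findings.append("link ends in an executable download")
    return findings
```
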

Educating staff and employing cloud-based email filtering and web filtering, complemented by multilayered defences including desktop antivirus, anti-malware and anti-spyware, will go a long way to mitigating the risk from a wide range of email scams.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
