Parcel-delivery scams continue targeting inboxes as the End of Financial Year (EOFY) approaches. MailGuard has intercepted a new phishing email scam that purports to be a delivery alert, ultimately leading to fraudulent pages employing Australia Post’s branding.
The email uses a display name of ‘parcelmonitor’. However, the domain used in the sender address provided in the email’s ‘From:’ field doesn’t belong to parcelmonitor. It actually orginates from a compromised domain. The email body informs recipients that their package is ‘stopped’ because ‘$1 shipping cost have not been paid’. It warns recipients that they are being reminded to pay their ‘pending shipping cost’ for the last time, adding that the delivery will be canceled if the amount is not paid within 48 hours. A link is provided for them to schedule their delivery.
Here is what the email looks like:
Unsuspecting recipients who click on the link to schedule their delivery are led to an automatic redirect, and then to several pages asking users for their delivery preferences. These include the preferred time of delivery, and the shipping address.
Here are screenshots of those pages:
As you can see from the screenshots above, all these pages employ Australia Post’s branding and logo. However, the domain used in the URLs of these pages does not belong to Australia Post – a red flag pointing to their illegitimacy.
After users select their preferred delivery options, they are led to another page asking for some personal details (name, email, phone number, and a password of their choice).
On confirming these details, the user is then sent to one of a few different pages hosted on different domains, all asking for valid credit card details. Here are two different examples of these pages:
Once again, the domains used in the URLs of the pages asking for users’ addresses and credit card details do not belong to Australia Post. These are all actually phishing pages, designed to harvest users’ details.
We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.
Well-known postal and shipping companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases. Most recently, MailGuard reported a similar DHL-themed email scam earlier this month.
The timing of this scam is particularly opportunistic. With the End of Financial Year (EOFY) approaching, many users will be shopping online to take advantage of lucrative deals & sales. This is one of the busiest parts of the year for shopping & parcel delivery. Scammers know that receiving notifications related to parcel delivery isn't likely to be unusual in this period, and hence use lures like these to trick users. We’re all eager to get our shopping on time, so we might not think twice before clicking a link in parcel-delivery notifications.
In this particular case, cybercriminals are preying on the curiosity of Australia Post customers who may think a ‘package’ is actually on its way. This motivates them to enter their personal details without hesitating. Here are some techniques that cybercriminals behind this scam have employed to trick users:
- The inclusion of specific details, like a tracking code and the weight of the parcel, suggests the email is sent from an official source belonging to Australia Post, boosting its credibility,
- The use of a subject like “Your package is on its way” and the inclusion of the 48 hour deadline to confirm shipping payment. This intrigues and motivates users to take immediate action if they wish to receive their package. Cybercriminals behind this scam hope in their excitement to retrieve their package, recipients don’t pause to check for the legitimacy of the email and,
- The presence of multiple delivery options, like different timings. These features are commonly present in notifications from well-established companies like Australia Post, further convincing users that those pages actually belong to the company.
Despite these techniques, several red flags are present in the email that should alert users of its illegitimacy. These include the fact that it contains several spacing & grammatical errors, like ‘$1 shipping cost have not been paid’.
If you suspect that you have received a scam email pretending to be from Australia Post, the postal company advises that you forward it to firstname.lastname@example.org. More details can be provided on their Online Security page here: https://auspost.com.au/about-us/about-our-site/online-security-scams-fraud
We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever (especially since the COVID-19 pandemic), it’s sometimes hard to keep track of what parcels we’re expecting. Cybercriminals know this, and often prey on people’s busy lives and curiosity trick them.
As a precaution, MailGuard urges you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.