An email phishing scam purporting to be from Australia Post has been intercepted by MailGuard. There has been an increase in parcel deliveries due to the lockdowns and COVID restrictions currently happening Australia-wide, and cybercriminals are taking advantage of expectant recipients by using email phishing scams from commonly used delivery services such as DHL and Australia Post to secure sensitive details for credential harvesting purposes. It’s important that email users remain extra cautious before opening any emails pertaining to deliveries, particularly one’s that you are not expecting. Levels of anticipation may be further heightened by recent delays resulting from AusPost workers in COVID isolation.
This new scam purports to be from Australia Post using the sender’s name: ‘AusPost’ from the email address: ‘firstname.lastname@example.org’, revealing the first red flag in the communication, as this is not a domain that belongs to the postal service. The subject of the email reads, ‘Your delivery from AustPost Order: [Insert Number]’ in an attempt to trick the recipient into believing that the email is regarding a genuine delivery. Australia Post branding is used in the body of the email to further feign authenticity.
Here’s what the email looks like:
The body of the email tries to persuade the user to click on the ‘Check Order’ link by advising that a fee of AUD $2.49 needs to be paid to receive the delivery that is currently ‘on hold’. Together with a short blurb about delays in delivery due to ‘limited flights, social distancing requirements and increased parcel volumes’ which could very well trick users into clicking on what is actually a phishing link, due to the urgency and curiosity of receiving a package and legitimate reasons for a delay. The inclusion of a ‘Coronavirus Impacts’ link on the bottom right-hand side of the email takes the user to a legitimate Australia Post page, adding a degree of authenticity to the email.
However, the splash of foreign (Cyrillic) characters used in the body of the email to replace words such as ‘Item’, ‘to’ and ‘We’re’ along with grammatical errors alert recipients to it being a scam. Clicking on the ‘Check Order’ button in blue takes the user to a phishing page which is a compromised WordPress site as per below:
It appears that the owner of the site has now detected the phishing content in the page and has since removed it, which means scammers are not able to collect any sensitive details from victims, however it is likely that they will edit their campaign by pointing to a new page.
If you suspect that you have received a scam email pretending to be from Australia Post, the postal service suggests forwarding it to email@example.com. More details can be found on their Online Security page here: https://auspost.com.au/about-us/about-our-site/online-security-scams-fraud.
One email is all that it takes.
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.