Gabi Power 02 June 2022 16:38:12 AEST 9 MIN READ

Is Your Package “On Hold”? It May Be a New Australia Post Scam

Australia Post are once again being mimicked in a new phishing scam, which intends on stealing your credit card details.  

 If your business doesn’t use MailGuard, it’s likely someone in the company will receive this email. Be on the lookout for the subject line “Your package is waiting for delivery”, with the sender name AUSPOST. While this may all seem legitimate, the emails are actually coming from random addresses on the domains t2(dot)moe(dot)edu(dot)eg and uteco(dot)edu(dot)do, which are respectively registered in Egypt and the Dominican Republic.   

While the email itself is relatively straight forward, you’ll see an Australia Post logo and copyright to provide a level of authenticity. The text is littered with grammatical errors, but briefly explains that your parcel is on hold in the warehouse, and to track it by clicking the button.  

Here's what the email looks like: 

Your package is waiting for delivery - Mozilla Thunderbird_912


After clicking the ‘Track’ button, the user is taken to an information page which looks similar to the item tracking page Australia Post uses. This page does not contain any phishing content, instead it provides background information in the hopes of feigning legitimacy before the attack happens.  

At first glance you could be forgiven for thinking this is a legitimate Australia Post page, particularly given the URL shows aus-posttrack(dot)store/home. However, on closer inspection, you’ll notice that all of the information is generic. There’s no information on where the package is coming from, each tracking details line is non-specific (e.g. “Your parcel is at our depot) when Australia Post will generally include information such as depot, suburbs, and most of the dates are not real (e.g. -1/06/2022).   

 On this page, the customer is informed that “Your parcel hold in warehouse”, and users are instructed to schedule a new delivery by clicking a button.   


Track your items - Australia Post — Mozilla Firefox_913


Once the customer chooses to schedule a new delivery, they’re taken to the phishing page where they’re informed that they need to pay $2.47.  

They’re then instructed to enter “some personal information”, including: 

  • Credit card number 
  • Expiry date 
  • CVV 
  • Last 4 digits of your phone number 

Personal Details - Australia Post — Mozilla Firefox_914

If the customer enters information and chooses to ‘Continue’, they’re redirected to a page which appears to be processing the request. 

Payment Confirmation - Australia Post — Mozilla Firefox_915

Companies like Australia Post are often the target of impersonation in phishing attacks, due to their widespread customer base and trusted brand. Although the email itself is relatively simple, the care taken when creating the web pages has the potential to fool many unsuspecting customers.  

Australia Post advise customers that they will never: 

  • Email or call you to ask for personal or financial information including password, credit card details or account information 
  • Call or email you out of the blue to request payment 

 They also ask that if you receive any suspicious emails, please: 

  • Delete them immediately 
  • Do not click on any links or attachments 

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.     

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.       
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates