Mistakes let down new ransomware email impersonating Australia Post

Posted by Jaclyn McRae on 15 November 2016 17:11:08 AEDT

 Poor grammar lets down a large-scale hoax Australia Post email that aims to install ransomware by stealth.

Poor grammar lets down a large-scale hoax Australia Post email that aims to install ransomware by stealth.

The email is designed to look like a missed delivery notice from Australia Post, complete with the organisation’s iconic red branding. 

MailGuard detected the link as malicious today. The number of emails intercepted suggests thousands of Australian inboxes could receive the scam email today.

The email references Australia Post’s controversial mid-year plan to introduce a parcel holding fee for items that aren’t collected with two weeks. The plan was quickly scrapped amid consumer outcry.  

In broken English the scammers claim the courier couldn’t deliver the package because nobody was home, and claim the right to charge $2.83 for every day the parcel is held.

The email includes a variety of subject lines. Most refer to a ‘consignment’, ‘delivery’, ‘package’ or ‘parcel’ experiencing ‘an exception’. While the sender appears to be AU Post, the real sending domain varies, but appears unrelated.

Mistakes let down new malware phishing email impersonating Australia Post MailGuard.jpg

Those who click the ‘Download label’ link are directed to a fake Australia Post webpage – packagestrackauspost.org – which downloads a Zip file containing a malware dropper.

Mistakes let down new malware phishing email impersonating Australia Post2 MailGuard.jpg

This could facilitate the installation of a Crypto variant such as TorrentLocker, or key-logging applications that allow scammers to record sensitive information such as user names and passwords. These details might then be used to hack bank accounts and other personal data.

Why is ransomware dangerous?

When ransomware files have been run by the email recipient or web user, the malware encrypts files on the local device and possibly the entire network.

The user or business is then held to ransom, with a Bitcoin fee usually demanded in return for the decryption key for the files.

Cybercriminals regularly target Australia Post and other delivery companies such as FedEx and DHL, and in the leadup to Christmas, Australians awaiting deliveries are likely to be increasingly susceptible.

Advice from Australia Post

Australia Post’s website advises that it would never ask anyone to click on an email link to print a label to redeem a package.

Similarly, Australia Post doesn’t:

  • Email or call you to ask for personal or financial information including password, credit card details or account information
  • Send emails asking you to click on an attachment
  • Email you to confirm your physical mailing address by clicking on a link
  • Call or email you out of the blue to request payment

If you receive a variant of this email, Australia Post asks that don’t click any links or attachments, delete it immediately and report it to SCAMwatch or Stay Smart Online.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Ransomware Australia Post Scam Torrentlocker cybercrime Shipping notification

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all