Poor grammar lets down a large-scale hoax Australia Post email that aims to install ransomware by stealth.
The email is designed to look like a missed delivery notice from Australia Post, complete with the organisation’s iconic red branding.
MailGuard detected the link as malicious today. The number of emails intercepted suggests thousands of Australian inboxes could receive the scam email today.
The email references Australia Post’s controversial mid-year plan to introduce a parcel holding fee for items that aren’t collected with two weeks. The plan was quickly scrapped amid consumer outcry.
In broken English the scammers claim the courier couldn’t deliver the package because nobody was home, and claim the right to charge $2.83 for every day the parcel is held.
The email includes a variety of subject lines. Most refer to a ‘consignment’, ‘delivery’, ‘package’ or ‘parcel’ experiencing ‘an exception’. While the sender appears to be AU Post, the real sending domain varies, but appears unrelated.
Those who click the ‘Download label’ link are directed to a fake Australia Post webpage – packagestrackauspost.org – which downloads a Zip file containing a malware dropper.
This could facilitate the installation of a Crypto variant such as TorrentLocker, or key-logging applications that allow scammers to record sensitive information such as user names and passwords. These details might then be used to hack bank accounts and other personal data.
Why is ransomware dangerous?
When ransomware files have been run by the email recipient or web user, the malware encrypts files on the local device and possibly the entire network.
The user or business is then held to ransom, with a Bitcoin fee usually demanded in return for the decryption key for the files.
Cybercriminals regularly target Australia Post and other delivery companies such as FedEx and DHL, and in the leadup to Christmas, Australians awaiting deliveries are likely to be increasingly susceptible.
Advice from Australia Post
Australia Post’s website advises that it would never ask anyone to click on an email link to print a label to redeem a package.
Similarly, Australia Post doesn’t:
- Email or call you to ask for personal or financial information including password, credit card details or account information
- Send emails asking you to click on an attachment
- Email you to confirm your physical mailing address by clicking on a link
- Call or email you out of the blue to request payment
If you receive a variant of this email, Australia Post asks that don’t click any links or attachments, delete it immediately and report it to SCAMwatch or Stay Smart Online.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.