Akankasha Dewan 13 February 2020 12:51:18 AEDT 3 MIN READ

Parcel delivery email scam spoofs Aramex, claims delivery was ‘unsucessful’

Valentine’s Day is a day away, so it’s perhaps no surprise that cybercriminals are using parcel delivery email scams to trick unsuspecting recipients.

MailGuard intercepted one such scam earlier today morning (AEST). Purporting to come from courier services company Aramex Group, the email is infiltrating inboxes using the display name ‘eTeam’. It is titled ‘New Aramex Message’. It actually originates from a single compromised email address. The plain-text email informs recipients that delivery to their mailing address has been ‘unsucessful’ and as such, ‘additional information’ is needed. Recipients are instructed to click on a link masquerading as a ‘tracking number / ship ID’.

Here is a screenshot of the email:  

Aramex 1302 edited

Unsuspecting users who click on the link are led to a fake Microsoft-branded login page that asks for their email password, as per the below:

aramex microsoft edited

After recipients have inserted their password and have 'signed in', they get a message saying 'wrong password error'. 

The sole purpose of this email scam is to harvest personal details of recipients so the criminals behind this scam can break into their accounts and commit identity theft.

Cybercriminals have employed multiple techniques to boost this email’s credibility. These include:

  • use of a major brand name to inspire false trust; the usage of the supposed ‘new message from Aramex’ subject boosts the email's credibility,
  • inclusion of high-quality branding elements like Microsoft’s logo & branding in the phishing page that are typically present in pages from the company and,
  • an intriguing body; informing recipients that their delivery is unsuccessful creates a sense of mystery and anxiety, motivating users to take action immediately without checking on the email’s authenticity.

Despite these techniques, eagle-eyed recipients should be able to spot several red flags that point to the email’s illegitimacy. For instance, the sender address does not use the actual Aramex domain and the link points to a suspicious URL. In addition, the email contains several spelling and spacing errors like ‘unsucessful’.  

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

Another parcel delivery scam?

Fake parcel email scams are a favourite of cybercriminals. We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever, it’s sometimes hard to keep track of what parcels we’re expecting.

The criminals behind this scam prey on people’s busy lives and curiosity.

Well-known companies such as Aramex, Australia Post, Fedex and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files, especially with an .exe file extension.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates