Breaking: Scammers Shift to Social with New AusPost Ransomware Attack

Posted by Richard Price on 07 March 2016 15:04:01 AEDT

In a new scam breaking early Monday, scammers are employing sophisticated social engineering techniques with a new Australia Post ransomware attack.

By scraping personal information from public profiles on social media sites, the cyber-criminals are delivering highly-personalised attacks, aimed at manipulating recipients into downloading a new version of the ransomware known as ‘Locky.’

MailGuard’s premium e-mail filtering technology was able to block this threat at the point of detection.

Here is a screenshot of the type of email to watch out for:


The email appears to originate from Australia Post, from a named sender, letting the reader know that a package has arrived for them at a local AusPost store, encouraging them to download shipping information.

What’s highly innovative about this Australia post email scam is that the email is directly addressed to the recipient, using their first, last name, location, job title and company name, all included within the email content.

By using highly advanced scraping software, cyber criminals are able to scan and acquire this information from readers’ public profiles on social media sites, then automatically distribute their campaign to thousands of targeted recipients.

In a similar way to spear phishing campaigns, readers are more likely to trust an email which includes detailed personal information about them.

Once they’ve clicked on the enclosed file and ran a javascript file, Locky is downloaded to their computer from a remote location, preventing them from accessing their files until a ransom fee has been paid.

The Australia Post scam shows how cyber criminals are using increasingly sophisticated social engineering techniques to adapt campaigns to make them more and more successful.

While we’ve seen many cases of ransomware before, Locky is a brand new variant of ransomware, which has the ability to bypass security solutions which don’t provide the required protection.

Fortunately, MailGuard was able to block this scam at the point of detection, using a range of advanced rules to recognise its malicious nature, before staff have the opportunity to view or open it.

If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 or email

For more tips on how to identify malicious emails like this, you can read our article here.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Cyber Criminals Ransomware Email Spam Australia Post Australia Post Virus Scam Australia Post Scam Email

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all