Richard Price 07 March 2016 15:04:01 AEDT 2 MIN READ

Breaking: Scammers Shift to Social with New AusPost Ransomware Attack

In a new scam breaking early Monday, scammers are employing sophisticated social engineering techniques with a new Australia Post ransomware attack.

By scraping personal information from public profiles on social media sites, the cyber-criminals are delivering highly-personalised attacks, aimed at manipulating recipients into downloading a new version of the ransomware known as ‘Locky.’

MailGuard’s premium e-mail filtering technology was able to block this threat at the point of detection.

Here is a screenshot of the type of email to watch out for:


The email appears to originate from Australia Post, from a named sender, letting the reader know that a package has arrived for them at a local AusPost store, encouraging them to download shipping information.

What’s highly innovative about this Australia post email scam is that the email is directly addressed to the recipient, using their first, last name, location, job title and company name, all included within the email content.

By using highly advanced scraping software, cyber criminals are able to scan and acquire this information from readers’ public profiles on social media sites, then automatically distribute their campaign to thousands of targeted recipients.

In a similar way to spear phishing campaigns, readers are more likely to trust an email which includes detailed personal information about them.

Once they’ve clicked on the enclosed file and ran a javascript file, Locky is downloaded to their computer from a remote location, preventing them from accessing their files until a ransom fee has been paid.

The Australia Post scam shows how cyber criminals are using increasingly sophisticated social engineering techniques to adapt campaigns to make them more and more successful.

While we’ve seen many cases of ransomware before, Locky is a brand new variant of ransomware, which has the ability to bypass security solutions which don’t provide the required protection.

Fortunately, MailGuard was able to block this scam at the point of detection, using a range of advanced rules to recognise its malicious nature, before staff have the opportunity to view or open it.

If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30 or email

For more tips on how to identify malicious emails like this, you can read our article here.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top