Akankasha Dewan 04 June 2021 11:56:02 AEST 5 MIN READ

Warning: Phishing email purporting to be from Australia Post claims your parcel will be returned

Australia Post continues to be popular among cybercriminals looking to trick users, especially as we approach the End of Financial Year (EOFY).

MailGuard has intercepted a new phishing email scam that purports to be an alert from the postal company, ultimately leading to fraudulent pages employing Australia Post’s branding.

Titled ‘AUPost/ Your package is about to return’, the email uses a display name of ‘Post Center’. It contains Australia Post’s logo, along with a ‘Priority Mail Express Confirmation Number’. However, the domain used in the sender address provided in the email’s ‘From:’ field doesn’t belong to Australia Post. It actually originates from a potentially compromised Plesk server hosted overseas.

The email informs recipients that a package they will receive tomorrow will be returned due to a 'wrong shipping address'. It directs users to pay ‘extra fees online to submit a new delivery request’. A link is provided to do so, titled ‘Get My Parcel’.

Here is what the email looks like:



Unsuspecting recipients who click on the link are led to an intermediary site, which automatically redirects them to several pages asking them for their personal details, including their credit card information.

Here are screenshots of those pages:




As you can see from the screenshots above, these pages also contain Australia Post’s logo, along with an order number and details related to the parcel delivery, including estimated delivery time and status. However, the domain used in the URLs of these pages does not belong to Australia Post – a red flag pointing to their illegitimacy. These are actually phishing pages hosted on a different Plesk server.

After users insert the required fields, their information is harvested by attackers, and they are led to a similarly formatted page asking them for a verification code that has supposedly been sent to their mobile, as per below:



We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

Well-known postal and shipping companies such as Australia Post, FedEx and DHL are popular targets for scammers to impersonate because they are trusted names with large customer bases. Most recently, MailGuard reported a similar Australia Post-themed email scam in May 2021.

The timing of this scam is particularly opportunistic. With the End of Financial Year (EOFY) approaching, many users will be shopping online to take advantage of lucrative deals & sales. This is one of the busiest parts of the year for shopping & parcel delivery. Scammers know that receiving notifications related to parcel delivery isn't likely to be unusual in this period, and hence use lures like these to trick users. We’re all eager to get our shopping on time, so we might not think twice before clicking a link in parcel-delivery notifications.

In this particular case, cybercriminals are preying on the curiosity of Australia Post customers who may think a ‘package’ is actually on the way, and that it might be returned due to an incorrect shipping address. This motivates them to enter their personal details without hesitating. Here are some techniques that cybercriminals behind this scam have employed to trick users:

  • The inclusion of specific details, like a ‘Priority Mail Express Confirmation Number’, a display name like ‘Post Center’ and the company’s logo, suggests the email is sent from an official source belonging to Australia Post, boosting its credibility,
  • The use of a subject like ‘Your package is about to return’. This intrigues and motivates users to take immediate action if they wish to receive their package. Cybercriminals behind this scam hope that, in their excitement and curiosity, recipients don’t pause to check the legitimacy of the email, and
  • The presence of multiple details related to delivery in the phishing pages, like delivery status and estimated delivery date. These features are commonly present in notifications from well-established companies like Australia Post, further convincing users that those pages actually belong to the company.

Despite these techniques, several red flags are present in the email that should alert users to its illegitimacy. These include the fact that it doesn’t address the recipient directly, and that it contains several spacing & grammatical errors.

If you suspect that you have received a scam email pretending to be from Australia Post, the postal company advises that you forward it to scams@auspost.com.au. More details can be found on their Online Security page here: https://auspost.com.au/about-us/about-our-site/online-security-scams-fraud

We all love getting something (aside from a bill) in the mail, and with online shopping more popular than ever (especially since the COVID-19 pandemic), it’s sometimes hard to keep track of what parcels we’re expecting. Cybercriminals know this, and often prey on people’s busy lives and curiosity to trick them.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 
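
The two domain red flags described in this article (a ‘From:’ address and link destinations that are not on Australia Post’s domain) can be checked mechanically. The following Python sketch is an added example, not MailGuard’s code: the sample message is constructed, example.net and example.org are placeholder domains, and the brand cue strings are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "auspost.com.au"  # legitimate domain named in the article
BRAND_CUES = ("aupost", "auspost", "australia post")  # assumed cue strings

# Constructed sample; example.net / example.org are placeholder domains.
SAMPLE = """\
From: Post Center <notice@mail.example.net>
Subject: AUPost/ Your package is about to return
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Wrong shipping address. Pay extra fees online.</p>
<a href="https://parcel.example.org/track">Get My Parcel</a>
<a href="https://auspost.com.au/help">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_brand_domain(host):
    """True only for the brand domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def check_message(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    cues = " ".join([display, str(msg["Subject"]), text]).lower()
    claims_brand = any(c in cues for c in BRAND_CUES)
    links = LinkCollector()
    links.feed(text)
    off_brand = [u for u in links.hrefs
                 if not on_brand_domain(urlsplit(u).hostname)]
    sender_ok = on_brand_domain(addr.rpartition("@")[2])
    return {"sender_mismatch": claims_brand and not sender_ok,
            "off_brand_links": off_brand if claims_brand else []}
```

The suffix match in `on_brand_domain` requires a leading dot, so lookalike hosts that merely contain or end with the brand string are still flagged.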


One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link, they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
