Scammers are masquerading as Australia Post to scam unsuspecting victims out of their personal and financial information. The scam involves a series of SMS messages or emails claiming to be from Australia Post and often asks the recipient to confirm a package delivery or to provide sensitive personal information for a missed delivery. We're going to dive into this scam, what to keep an eye out for, and what to do.
Not only do the fake emails seem authentic with realistic logos and colour schemes reminiscent of the real Australia Post aesthetic, but it will also have the sender name 'AUSPOST'.
The key giveaways that these emails are fake are the email addresses, which are on the domains 't2.moe.edu.eg' or 'uteco.edu.do' and are registered in Egypt and the Dominican Republic respectively, and a series of grammatical errors throughout.
There's also a 'Track' button (or something similar) that will direct you to an external website that looks very similar to the 'Track an Item' page that Australia Post uses. The key giveaways here that the site is fake is the URL, which is 'aus-posttrack.store' and is not legit, and a series of grammatical errors on the page.
At this stage, the page doesn't contain any dangerous or phishing content and is designed to feign legitimacy in order to lure people into clicking the 'Schedule a new delivery' button. It is here where the attack happens.
The 'Schedule new delivery' button will direct people to a phishing page where they're asked to enter some personal information that includes a credit card number and phone number. DO NOT ENTER YOUR PERSONAL INFORMATION.
There are a number of variations on the types of bogus Australian Post emails that scammers can send. In addition to the aforementioned types, there's also a very convincing 'on hold' customer service email that (fraudulently) claims that your packages are 'on hold' and will only be released once the costs are paid via the 'Send my package' button that's in the email.
While this is a convincing fake email, there are the usual telltale signs that it's fake, such as typos, grammatical errors and the sender's email being something strange.
The button in the fake email will lead to a phishing page that's a convincing replica of the Australia Post tracking site. Here, scammers will try to trick people into entering their personal information.
This fake Australia Post website is quite convincing, but has one major red flag in the form of a strange URL, which is actually for a website called 'bestfunnyblog'.
As with all phishing emails, DO NOT ENTER YOUR PERSONAL INFORMATION on any prompt or fake website that's enclosed. Delete the email straight away and block the email address.
The fake SMS messages are less sophisticated than the emails and can be identified as something sent by scammers due to issues like:
Grammatical errors throughout the text
Being sent from a random number rather than 'AusPost'
Containing a fake link such as 'digitaltalentspro.com/au'
Asking for a shipping fee.
The link in these fake AusPost texts will direct you to a phishing website that will ask for personal information, such as a credit card number and phone number. Like with the fake emails, DO NOT ENTER YOUR PERSONAL INFORMATION.
What to do to stay safe
If you do get one of these scam SMS messages or emails, make sure you do the following so you can stay safe:
Report then delete any suspicious messages claiming to be from Australia Post.
Never reply with personal information over text, email or phone calls unless you are able to verify the caller or sender.
If you've shared personal or financial details in response to the SMS or email, you need to:
Contact your bank immediately to let them know what happened and ask what they can do to help.
Change the passwords for any online accounts that might be at risk. Make sure to enable two-factor authentication for an extra layer of security.
If you've shared personally sensitive information, such as your driver's licence, passport details, or contact details, visit IDCare for assistance on how to address potential identity theft.
File a report with the Australian Cyber Security Centre here.
Australia Post will never email or call people asking for personal or financial information, nor will they call or email people randomly to request payment. They are urging individuals to be cautious of suspicious links via text messages and emails and to report any emails appearing suspicious to email@example.com before deleting the content immediately.
If you have any questions or need extra support, we're here to help you anytime in any language. Simply start a chat with us via the home screen of the Sonder app to connect to our team of qualified, caring health professionals.
Information sourced from Australia Post, Australia Post via Twitter, and Mailguard.
Image credit: Rob Johnson at Flickr
All content is created and published for informational purposes only. It is not intended to be a substitute for professional advice. Always seek the guidance of a qualified health professional.