Australia Post customers are being warned about a sneaky trick where scammers impersonate the delivery company to steal personal information and money.
Australian social media star Tups issued the warning to Australia Post customers after nearly falling victim to the phishing attack.
The scammers pose as the postal service with a text message to potential victims, stating: ‘AusPost: delivery attempt on 5/22; track your package on www.auspost-shipment.life to reschedule.
Clicking the link will take the recipient to a phishing page, almost an exact replica of Australia Post’s tracking site.
The fake Australia Post website then asks victims to provide their credit details in order to receive their package.
Tups says he would have fallen victim to the scam had he not had time to call and contact Australia Post.
A few telling clues will help you spot the scam.
First, Australia Post says it will never solicit payments or personal information over the phone, text or email.
Second, the email’s formatting isn’t as clean as you’d expect from Australia Post and doesn’t use any branding other than the red you normally see in the logo.
Third, the website URL is different from Australia Post’s official website, which is www.auspost.com.au.
An Aussie guy has warned about a new scam posing as the company’s tracking page to steal personal information and money
“It’s so easy to fall for,” Tups said.
“The funny thing is that all the links go to the Australia Post’s official page, Facebook.
‘When I called the chick (Australia Post) she told me she had already received several calls about it.
“If I didn’t have a day off to check, I literally had an empty bank account.
‘Keep vigil guys, they’re getting smart. Ask everything.’
He showed that the email has all the drop-down menus and checkboxes that mimic the tracking site.
“Hats off to them, it’s about the money,” he said.
‘They really nailed this one 10/10’.
Social media star Tups has exposed an Australia Post scam
Email security organization MailGuard says: ‘The email itself makes heavy use of Australia Post’s branding, and apart from a few grammatical errors in the text, it is difficult to distinguish from a genuine email’.
The scam works by a victim receiving an email from an account posing as the delivery giant’s customer service team claiming that the package is ‘on hold’ and that the customer must pay a small fee (pictured)
In addition to the text message, some Aussies are receiving a similar email from scammers posing as Australia Post.
“The email itself makes heavy use of Australia Post’s branding, and apart from a few grammatical errors in the text, it’s difficult to tell it apart from a genuine email,” said cybersecurity software provider MailGuard.
The email claims that the customer’s package is on hold and they must pay $3 to redirect it to their address.
When the recipient clicks the payment button, he is taken to a phishing page.
MailGuard warns that aside from a few grammatical errors in the fine print, the site is very sophisticated and the errors are often overlooked.
The user is asked to verify their address and provide personal information which is then collected, including the credit card information entered to make the payment.
The victim is then instructed to enter a one-time code that will be sent to their mobile, a seemingly innocuous move, but one that allows cybercriminals to verify the authenticity of the card details they stole.
In 2022, Australia Post delivered 2.7 billion items, making it one of the largest delivery services in the country.