Debunking hoaxes and exposing scams since 2003!





Jump To: Example    Detailed Analysis   References

Australia Post Undelivered Package Malware Emails


Jump To: Example    Detailed Analysis   References

Outline

Emails purporting to be from Australia Post claim that the delivery of a package to the recipient has failed because of an addressing error or because nobody was home. The messages instruct recipients to open an attached file or click a link to read more information about the package.

Brief Analysis

The messages are not from Australia Post and the attachments or linked websites do not contain package information. In fact, they contain malware that, once installed, can allow criminals to access the infected computer.

   

Share







Bookmark and Share




Examples

Subject: Track Advice Notification: Consignment RYR7849492

Your parcel (1) has been dispatched with Australia Post.

The courier company was not able to deliver your parcel by your address.

Label is enclosed to the letter. Print a label and show it at your post office.

Label: RYR7849492

To view/download your label please click here or follow the link below :

[Link removed]

**Please note that this is an automatically generated email - replies will not be answered.


Subject: 582 Package not delivered

Good day!

Your package was not delivered at the specified time on 27 March 2015, because nobody opened the door. Get the information about your parcel by clicking the link below. You can collect your parcel at any of our nearest offices by producing the printed out information about the parcel.

Get the information about your parcel [Link removed]

Attention!

Our Company will charge a fee if you fail to collect your parcel within 30 days. All information about tariffs is available at our website.

Best regards,
Australia Post.


Subject: AusPost Delivery information

Dear customer.

Your package has been returned to the Australia Post office.
Reason: Error in delivery address.
Information about your package is attached to the letter.
Read all information carefully and come to the "Australia Post" office to receive your package.

Thank you.
Australia Post Service.


Subject: Track your shipment No9067

Dear customer.

A courier did not deliver the package to your address.
Reason: The delivery address is wrong
Please find the attached document containing detailed information about delivery failure.
Read all information carefully and come to the "Australia Post" office to receive your package.

Thank you.
Australia Post Service.



Detailed Analysis

Internet criminals are currently distributing malicious emails that falsely claim to be from Australia Post. Many of the scam messages claim that the delivery of a package to the recipient has failed due to an error in the packaging address. Some versions claim that the parcel could not be delivered because nobody was home when the delivery driver arrived.

The recipient is instructed to open an attached file to find out more information about the supposed delivery failure.

The emails do not originate with Australia Post and the attachments do not contain package delivery information. Instead, the .zip attachments contain an executable (.exe) file that, if opened, will install malware on the recipient's computer.

Some alternative versions instruct users to click a link to read more information about the delivery instead of opening an attachment. However, the website that the link opens harbours the malware.

The malware may allow criminals to access the infected computer by initiating connections to malicious websites. It may also download and install further malicious software.

Australia Post does not send generic, unsolicited emails about package deliveries that expect users to click a link or open an attached file to access information. If you receive one of these messages, do not open any attachments that they may contain. Do not follow any links in the messages. Note that subject lines and various other details in the fraudulent emails may vary.

In fact, Australia Post is just the latest in a long line of delivery and postal companies that have been targeted in very similar malware campaigns, including FedEx, DHL, UPS and Post Express. All versions claim to contain information about a pending or failed package delivery. In all versions, the attachment or website contains malware.



Malware Delivery

Last updated: July 14, 2015
First published: 19th September 2011
By Brett M. Christensen
About Hoax-Slayer

References
FedEx Incorrect Delivery Address Malware Email
DHL Notification Malware Email
Not Able to Deliver UPS Package Malware Email
Post Express 'Incorrect Delivery Address' Malware Emails








Latest Hoax-Slayer Articles



More stories!

'Internet Capacity Warning' Phishing Scam
According to this email, which claims to be from the 'Support Department' at 'Information Technology Services', your internet capacity is 70% full and you therefore need to contact support to avoid problems.
Published: July 6, 2015


Kroger 'Free Coupons' Survey Scam
Message being distributed across Facebook claims that users can receive free coupons from American retailer Kroger just by sharing a message and visiting a third party website to claim their prize.
Published: June 16, 2015


Pointless Facebook Warning - Hackers Posting Insulting Messages or Sexual Content In Your Name
'Hacker' alert messages circulating on Facebook claim that, without your knowledge, hackers are posting insulting or sexual messages that appear to come from you onto your Facebook Timeline.
Published: June 3, 2015