Australia Post 'Parcel not Delivered' Email Points to Malware
Email purporting to be from Australia Post claims that your parcel was not delivered to your address because nobody was home. The email instructs you to click a 'Track Your Item' or 'Download shipping label' link to get more information about the undelivered parcel.
The email is not from Australia Post and the link does not open information about an undelivered parcel. Instead, the link leads to a website that harbours malware. In many cases, the malicious payload consists of CryptoLocker ransomware. This malware may lock your computer until you pay an unlock fee to online criminals.
An agent was unable to redeem the parcel to your address for the reason: nobody was at home
Print out label then go to post office to collect the package.
Please note: If the box isn't received within 30 working days We can have the right to claim commissions from you for package storing in the sum of 1.02 AUD for every day of keeping.
Receive the packing
Download shipping label
Subject: 68317188 Tracking information
Your parcel has not been delivered to your address on October 15, 2014, because nobody was at home. Please view the information about your parcel, print it and go to the post office to receive your package.
Track your item
Australia Post expressly disclaims all conditions, guarantees and warranties, express or implied, in respect of the Service. Where the law prevents such exclusion and implies conditions and warranties into this contract, where legally permissible the liability of Australia Post for breach of such condition, guarantee or warranty is limited at the option of Australia Post to either supplying the Service again or paying the cost of having the service supplied again. If you don't receive a package within 30 working days Australia Post will charge you for it's keeping. You can find any information about the procedure and conditions of parcel keeping in the nearest post office.
'Australia Post' Email Claims A Parcel Was Not Delivered
According to this email, which claims to be from Australia Post, a parcel was not delivered to your address because you were not home to receive it. The message invites you to view and print information about the missed parcel by clicking a 'Track Your Item' link.
Email is Not From Australia Post - Link Opens Malware Website
However, the email is not from Australia Post
and the link does not lead to information about an undelivered parcel. Instead, the link opens a compromised website that harbours malware.
Site May Contain CryptoLocker Ransomware
The exact payload for these emails may vary with different incarnations of the message. However, the latest versions generally trick users into installing CryptoLocker ransomware.
Once installed, this type of malware can lock files on your computer and demand a large fee for an encryption key to retrieve your files. Often, the scammers will claim that you must pay this fee within a specified time frame such as 72 hours or they will destroy the key thereby locking your files permanently.
'Failed Package Delivery' Emails a Common Malware Tactic
The 'undelivered parcel' email is a favourite tactic for malware distributors and has been used repeatedly. Similar fake Australia Post emails
have been used as a malware vector since at least 2011.
And alternative versions have pretended to be from other high-profile delivery companies including FedEx
, and the Royal Mail
Be very wary of any email that claims that a parcel delivery failed and that you should click a link or open an attached file to get more information or print a shipping label.
Last updated: February 1, 2016
First published: October 23, 2014
By Brett M. Christensen