Business operators and shoppers who might still be expecting parcels from Christmas and Boxing Day sales are being targeted by an email scam that is disguised as an Australia Post parcel pickup notification.
MailGuard reports the malicious emails have been hitting thousands of inboxes since Tuesday morning. The email includes Auspost logos and a link to what appears to be the official website.
However, the linked website is a perfect replica of the real Australia Post site, including accurate graphics and even a “Captcha” input form to convince users it is legitimate.
The sham website invites users to download the “collect receipt” of the phantom parcel in order to verify their delivery details. On downloading the receipt, the recipient’s computer is infected with malicious software.
Nicholas Haritos, cyber security expert at Cybersecurity Essentials, told SmartCompany these email scams are becoming more sophisticated.
“Malware attacks are becoming more elaborate in their ways of trying to trick people, and it’s becoming the norm for them to attempt things like this,” Haritos said.
Haritos advises that the URL of a web page is generally a giveaway for malicious activity. In this case, the fake Auspost website used a .tk suffix, whereas the legitimate website’s suffix is .com.au.
“Always be on the lookout for dummy URLs; it’s one of the key ways of determining fake websites. If it doesn’t match the original vendor’s website then something’s dodgy,” he says.
A crafty way around antivirus software
Along with a sophisticated fake website, the email also included a crafty way to avoid most antivirus software.
By slightly changing the subject line or contents of a malware email each time it is sent, attackers can bypass many popular antivirus programs. This is because antivirus programs typically compare the body of an email with text commonly used in scam emails and mathematically determine whether the email is malicious.
Changing even a single letter confuses this matching method, allowing some emails to slip through. This is known as content spinning.
However, Haritos believes this method will soon be unsuccessful, as a number of antivirus programs are inventing new methods to prevent attacks such as these.
“A lot of antivirus programs are changing the way they operate. They’re starting to incorporate behavioural-type analytics to monitor the behaviour of users and stop any out-of-the-ordinary downloads,” he says.
In a statement to SmartCompany, an Australia Post spokesperson said scam emails are a “concerning trend across all industries and everyone should remain vigilant”.
“People who receive the new email scam asking them to click on a link to reconfirm their correct address should delete it immediately,” the spokesperson said.
“We encourage anyone who believes they have received a suspicious email to contact their local post office or our Customer Contact Centre on 13 POST.”
Source: SmartCompany