Business operators and shoppers who might still be expecting parcels from Christmas and Boxing Day sales are being targeted by an email scam that is disguised as an Australia Post parcel pickup notification.
MailGuard reports the malicious emails have been hitting thousands of inboxes since Tuesday morning. The email includes Auspost logos and a link to what appears to be the official website.
However, the linked website is a perfect replica of the real Australia Post site, including accurate graphics and even a “Captcha” input form to convince users it is legitimate.
The sham website invites users to download the “collect receipt” of the phantom parcel in order to verify their delivery details. On downloading the receipt, the recipient’s computer is infected with malicious software.
Nicholas Haritos, cyber security expert at Cybersecurity Essentials, told SmartCompany these email scams are becoming more sophisticated.
“Malware attacks are becoming more elaborate in their ways of trying to trick people, and it’s becoming the norm for them to attempt things like this,” Haritos said.
Haritos advises that the URL of a web page is generally a giveaway for malicious activity. In this case, the fake Auspost website used a .tk domain suffix, whereas the legitimate website's suffix is .com.au.
“Always be on the lookout for dummy URLs, it’s one of the key ways of determining fake websites. If it doesn’t match to the original vendor’s website then something’s dodgy,” he says.
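The "does the link match the vendor's website" check Haritos describes can be automated for a batch of links. The following Python is an added example written for this article, not code from MailGuard, Australia Post or SmartCompany; it assumes auspost.com.au as the legitimate registrable domain (verify this against the vendor's own site) and uses constructed sample links modelled on the .tk versus .com.au pattern in the article. It goes slightly beyond the article by also rejecting hosts that merely contain the brand name as a leading subdomain, since a naive substring check would accept those.

```python
from typing import Optional
from urllib.parse import urlparse

# Assumption: the brand's legitimate registrable domain, taken from the
# article's ".com.au" remark. Confirm it against the vendor's own site.
LEGITIMATE_DOMAIN = "auspost.com.au"


def hostname_of(url: str) -> Optional[str]:
    """Return the lowercase hostname of a URL, or None if there is none."""
    if "://" not in url:
        url = "http://" + url  # bare hosts like "auspost.com.au/track" still parse
    host = urlparse(url).hostname  # drops scheme, userinfo, port and path
    return host.rstrip(".").lower() if host else None


def is_legitimate_link(url: str, expected_domain: str = LEGITIMATE_DOMAIN) -> bool:
    """True only if the link's host IS the expected domain or a subdomain of it.

    A host that merely contains the brand name, such as
    auspost.com.au.parcel-pickup.tk or auspost-collect.tk, is rejected:
    the registrable domain is what has to match the vendor's website.
    """
    host = hostname_of(url)
    if host is None:
        return False
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def classify_links(urls):
    """Label each URL so a reader or a mail filter can see which ones mismatch."""
    return {u: ("ok" if is_legitimate_link(u) else "MISMATCH") for u in urls}


# Constructed sample links (not real attacker URLs), modelled on the article's
# description of a .tk look-alike standing in for the real .com.au domain.
SAMPLE_LINKS = [
    "https://auspost.com.au/mypost/track",
    "https://track.auspost.com.au/receipt",
    "http://auspost-collect.tk/receipt",          # wrong top-level domain
    "http://auspost.com.au.parcel-pickup.tk/",    # brand name only in a subdomain
]

if __name__ == "__main__":
    for url, verdict in classify_links(SAMPLE_LINKS).items():
        print(f"{verdict:9} {url}")
```

The comparison is made on the parsed hostname, not on the raw link text, so the scheme, port and path never influence the verdict; only the registrable domain and its subdomains count as a match.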
A crafty way around antivirus software
Along with a sophisticated fake website, the email also included a crafty way to avoid most antivirus software.
By slightly changing the subject line or contents of a malware email each time it is sent, attackers can bypass many popular antivirus programs. This is because antivirus programs typically compare the body of an email against text seen in known scam emails and compute a score to decide whether the email is malicious.
Changing even a single letter can confuse that comparison, allowing some emails to slip through. This technique is known as content spinning.
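To show why a one-letter change defeats an exact signature but not a similarity score, here is an added Python example written for this article (not code from any antivirus vendor or from MailGuard). The scam template, the "spun" copy with one altered word and the unrelated message are all constructed samples; the 0.8 threshold is an illustrative choice, not a value from the article.

```python
import hashlib
import re
from difflib import SequenceMatcher

# Constructed samples: a scam body a filter already knows, a spun copy that
# differs by a single misspelt word, and an unrelated business email.
KNOWN_SCAM = (
    "Your parcel could not be delivered. Download the collect receipt "
    "to confirm your delivery details."
)
SPUN_COPY = (
    "Your parcel could not be delivered. Download the collect reciept "
    "to confirm your delivery details."
)
UNRELATED = "Minutes from Tuesday's planning meeting are attached for review."


def normalise(text: str) -> str:
    """Lowercase and strip punctuation so cosmetic edits carry less weight."""
    return re.sub(r"[^a-z0-9 ]+", " ", text.lower()).strip()


def exact_signature(text: str) -> str:
    """Hash of the normalised body: the exact-match signature spinning defeats."""
    return hashlib.sha256(normalise(text).encode()).hexdigest()


def similarity(a: str, b: str) -> float:
    """Character-level similarity in [0, 1] between two normalised bodies."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()


def word_shingle_overlap(a: str, b: str, n: int = 3) -> float:
    """Jaccard overlap of word n-grams; a single altered word only removes n shingles."""
    def shingles(t: str):
        words = normalise(t).split()
        return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if (sa | sb) else 0.0


def verdicts(candidate: str, known: str = KNOWN_SCAM, threshold: float = 0.8):
    """Return (exact_match, fuzzy_match) for one candidate email body."""
    exact = exact_signature(candidate) == exact_signature(known)
    fuzzy = similarity(candidate, known) >= threshold
    return exact, fuzzy


if __name__ == "__main__":
    for label, body in [("original", KNOWN_SCAM), ("spun", SPUN_COPY), ("unrelated", UNRELATED)]:
        exact, fuzzy = verdicts(body)
        print(f"{label:9} exact={exact!s:5} fuzzy={fuzzy!s:5} "
              f"sim={similarity(body, KNOWN_SCAM):.3f} "
              f"shingles={word_shingle_overlap(body, KNOWN_SCAM):.3f}")
```

The spun copy fails the exact signature but scores close to 1.0 on character similarity and still shares most of its word trigrams with the template, which is why filters that score similarity rather than demand an exact match are harder to evade with single-letter edits.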
However, Haritos believes this method will soon be unsuccessful, as a number of antivirus programs are developing new methods to prevent attacks such as these.
“A lot of antivirus programs are changing the way they operate. They’re starting to incorporate behavioural type analytics to monitor the behaviour of users and stop any out of the ordinary downloads,” he says.
In a statement to SmartCompany, an Australia Post spokesperson said scam emails are a “concerning trend across all industries and everyone should remain vigilant”.
“People who receive the new email scam asking them to click on a link to reconfirm their correct address should delete it immediately,” the spokesperson said.
“We encourage anyone who believes they have received a suspicious email to contact their local post office or our Customer Contact Centre on 13 POST.”