Australia Post and the ACCC have issued warnings to postal customers to watch out for parcel delivery scams arriving as email messages this Christmas.
The emails claim to come from Australia Post and ask recipients to collect a parcel or pay for storage fees. A link takes you to a fake Australia Post website that offers a download of ‘tracking information’ but is in fact a virus known as ransomware that holds data to ransom.
“We’ve received over 100 reports of this scam already this December – more than last December, with only half the month gone,” said Australian Competition and Consumer Commission (ACCC) deputy chair Delia Rickard. “The ACCC is also seeing a significant increase in both personal and commercial information loss being reported to this scam, with over 350 reports this year compared to 250 in 2014.
“Scammers take advantage of the busy Christmas season to send you emails about a ‘missed parcel delivery’, purportedly from trusted services such as Australia Post or FedEx. The emails may be personalised with your name and address and look to be from a legitimate company complete with fraudulent logos,” said Rickard. “The email may mention a fee will be charged while they hold your undelivered item. Scammers ask you to open an attachment or download a file to retrieve your parcel. If you follow these instructions, an executable file (.exe) will load on to your computer and install ransomware as soon as it is opened.
“Ransomware is a type of malware that freezes your computer and demands a ransom for you to be able to access your computer again. Scammers commonly ask for bitcoins or ask you to transfer money by wire transfer. Even if you pay the fee, there is no guarantee that your computer will be unlocked. If you receive an email about a package, don’t open any attachments or download files and regularly back-up your computer’s data on a separate hard drive."
Australia Post issued an alert reminding customers that it puts a notice in their letterbox if a package is undeliverable. It warned customers to delete any emails claiming to be from Australia Post about an undelivered package and said some of the subject lines that are appearing in these scam emails include these:
A courier did not redeem package
A mailman did not redeem parcel
An agent have not redeem item
If you receive these kind of emails, Australia Post advises:
Delete them ASAP
Do not click on any links
Report any scam emails to Scam Watch.
Be aware that Australia Post does not: ask you to make a payment for parcel collection; email you to reconfirm your address by clicking a link; charge you to hold a parcel; send you an email asking for your password, credit card details or account information; call or email you out of the blue to request payment.
If you are suspicious about a ‘missed’ parcel delivery, call the company directly to verify that the correspondence is genuine. Independently source the contact details through an internet search or phone book – do not rely on numbers provided. Buy yourself (or your business) a stand-alone hard drive for Christmas. These have become relatively inexpensive and can save you a lot if your computer is infected by malware or ransomware. Regularly back-up your computer’s data on a separate hard drive. If your computer is infected by malware or ransomware you can restore the factory settings and easily re-install all of your software and data.
You can report scams to the ACCC via Scamwatch or by calling 1300 795 995. If the scammer has posed as a legitimate company, you should also report the incident to them. You can find more information on the Australia Post website.