Australia Post has issued a warning to watch out for fake emails that claim a package of yours hasn’t been delivered because of a weight limit.
The emails have subject lines like “unfortunately we have not been able to deliver your package” and prompt people who open the emails to click on a phishing link that directs them to a fake Australia Post website asking for personal and banking information.
“Please note that Australia Post will never email or text message you asking for personal information, financial information or a payment,” Australia Post said.
“If you are in doubt about the authenticity of an email, text message or phone call, please delete immediately or hang up.”
The notification about email scams comes within days of Australia Post warning it had seen evidence of “cyber criminals” putting together “fake websites branded with the Post Billpay logo”.
An example of the fraudulent websites provided by Australia Post includes many of the logos and artefacts as the legitimate Billpay web page, making it a believable fake at a cursory glance.
The fraud is more evident when you notice the fake text boxes (asking for a card number, expiry date, and CCV) have mis-matched sizes and there is strangely phrased “Payment For Delivery 3 AUD Fees to receive your package” above the Visa and Mastercard logos.
One of the phishing websites used by scammers.
Increased scam activity comes amidst a surge in Australia Post delivery requests as a result of people online shopping during the COVID-19 isolation period.
Auspost reported a 90 per cent increase in deliveries during April compared with the same time last year.
As a result, the delivery organisation added 600 casual staff to help manage the load.
Scams on the rise
COVID-19 has led to a spike in the number of scams being perpetrated online.
The Australian Cyber Security Centre (ACSC) said it received an average of two cybercrime reports per day between mid-March and late April and had responded to a further 20 incidents involving COVID-19 national suppliers or response services.
Leaning on tech giants like Google and Microsoft, the ACSC has knocked down hundreds of malicious coronavirus-themed websites.
Emails and SMS messages have also been regular attack vectors for scammers looking to take advantage of the global health crisis.
Unveiling Telstra’s ‘Cleaner Pipes’ initiative this week, Telstra CEO Andrew Penn said the company was upgrading its DNS filtering and ability to block scam text messages.
“If COVID-19 is forcing the pace and scale of innovation it is also underscoring the critical importance of cyber security,” Penn said.
“In an era where staying at home means staying safe, staying safe and secure online has also never been more important.”
If you spot a scam you can report it to the ACCC’s Scamwatch and if you fear you have been a victim of identity theft, contact ID Care.