This story was first published on September 19th, 2011
Outline
Emails purporting to be from Australia Post claim that the delivery of a package to the recipient has failed because of an addressing error or because nobody was home. The messages instruct recipients to open an attached file or click a link to read more information about the package.
Brief Analysis
The messages are not from Australia Post and the attachments or linked websites do not contain package information. In fact, they contain malware that, once installed, can allow criminals to access the infected computer.
Examples
Subject: Track Advice Notification: Consignment RYR7849492
Your parcel (1) has been dispatched with Australia Post.
The courier company was not able to deliver your parcel by your address.
Label is enclosed to the letter. Print a label and show it at your post office.
Label: RYR7849492
To view/download your label please click here or follow the link below :
[Link removed]
**Please note that this is an automatically generated email – replies will not be answered.
Subject: 582 Package not delivered
Good day!
Your package was not delivered at the specified time on [date], because nobody opened the door. Get the information about your parcel by clicking the link below. You can collect your parcel at any of our nearest offices by producing the printed out information about the parcel.
Get the information about your parcel [Link removed]
Attention!
Our Company will charge a fee if you fail to collect your parcel within 30 days. All information about tariffs is available at our website.
Best regards,
Australia Post.
Subject: AusPost Delivery information
Dear customer.
Your package has been returned to the Australia Post office.
Reason: Error in delivery address.
Information about your package is attached to the letter.
Read all information carefully and come to the “Australia Post” office to receive your package.
Thank you.
Australia Post Service.
Subject: Track your shipment No9067
Dear customer.
A courier did not deliver the package to your address.
Reason: The delivery address is wrong
Please find the attached document containing detailed information about delivery failure.
Read all information carefully and come to the “Australia Post” office to receive your package.
Thank you.
Australia Post Service.
Detailed Analysis
For several years, Internet criminals have been distributing malicious emails that falsely claim to be from Australia Post. Some of the scam messages claim that the delivery of a package to the recipient has failed due to an error in the packaging address. Other versions claim that the parcel could not be delivered because nobody was home when the delivery driver arrived.
The recipient is instructed to click a link or open an attached file to find out more information about the supposed delivery failure.
The emails do not originate with Australia Post and the attachments or linked websites do not contain package delivery information. Instead, they harbour malware.
The characteristics of the malware payload may vary. Often, it will be ransomware designed to lock the files on the infected computer until the victim pays online criminals for the unlock code. In other cases, the malware may be designed to steal collect sensitive information such as banking passwords from the infected computer and send it to the criminals.
Australia Post does not send generic, unsolicited emails about package deliveries that expect users to click a link or open an attached file to access information.
These malware messages are common and take many forms. Subject lines and other details in these fraudulent emails may vary considerably. If you receive one of these messages, do not open any attachments that they may contain. And, do not follow any links in the messages.
Australia Post has published information about these ongoing malware attacks on its scam alerts page.
Note that Australia Post is just one in a long line of delivery and postal companies that have been targeted in very similar malware campaigns, including FedEx, DHL, UPS, Post Express, and the Royal Mail. All versions claim to contain information about a pending or failed package delivery. In all versions, the attachment or website contains malware.
Original Source : https://www.hoax-slayer.net/australia-post-undelivered-package-malware-emails/