Australia Post ransomware email scam

Personal information from social media sites is being used in an elaborate email scam luring people into downloading ransomware.

Scamming got sophisticated

Australia Post has warned people to be on the lookout for a new scam circulating via email which could leave their computers vulnerable to ransomware.

The email appears to originate from Australia Post and informs the recipient of a package that has supposedly arrived for them at a local Australia Post store. The email then directs people to download and print the attached shipping information, which contains ransomware known as 'Locky'.

Once the ransomware is downloaded, users are prevented from accessing their files until a ransom fee has been paid, according to MailGuard, the IT security company that reported the scam.

Sophisticated scamming

Mailguard has called this latest scam "highly innovative" as the scammers are sending personalised emails using information they've gathered from social media sites.

"The email is directly addressed to the recipient, using their first, last name, location, job title and company name, all included within the email content," MailGuard said on a website post about the hoax.

"By using highly advanced scraping software, cyber criminals are able to scan and acquire this information from readers' public profiles on social media sites."

It's more likely recipients of an email would download an attachment if it contains personalised information about them.

Looking for a new laptop? See which brands and models we recommend in our entry-level, small and hybrid laptop reviews.

Don't click the link

This is not the first time emails claiming to be from Australia Post have been used as part of an online scam. A spokesperson told CHOICE there are a number of scams currently operating that involve Australia Post.

"Australia Post leaves a card in the letterbox if the customer is not at home to receive a parcel. We don't ask customers to click on a link before picking up an item awaiting collection," the spokesperson said.

More information on email scams targeting Australia Post customers can be found on the Australia Post website.

More information on online safety

  • Read our guide to guarding your online privacy.
  • 12 online scams gives an outline of the most common online scams and how to avoid them.
  • Our guide to ransomware provides more information on how to avoid ransomware attacks on your computer.