The email appears to originate from Australia Post and informs the recipient of a package that has supposedly arrived for them at a local Australia Post
store. The email then directs people to download and print the attached shipping information, which contains ransomware known as 'Locky'.
Once the ransomware is downloaded, users are prevented from accessing their files until a ransom fee has been paid, according to MailGuard, the IT security
company that reported the scam.
Mailguard has called this latest scam "highly innovative" as the scammers are sending personalised emails using information they've gathered from social
"The email is directly addressed to the recipient, using their first, last name, location, job title and company name, all included within the email
content," MailGuard said on a website post about the hoax.
"By using highly advanced scraping software, cyber criminals are able to scan and acquire this information from readers' public profiles on social media
It's more likely recipients of an email would download an attachment if it contains personalised information about them.
Don't click the link
This is not the first time emails claiming to be from Australia Post have been used as part of an online scam. A spokesperson told CHOICE there are a number
of scams currently operating that involve Australia Post.
"Australia Post leaves a card in the letterbox if the customer is not at home to receive a parcel. We don't ask customers to click on a link before picking
up an item awaiting collection," the spokesperson said.
More information on email scams targeting Australia Post customers can be found on the Australia Post website.
More information on online safety
- Read our guide to guarding your online privacy.
12 online scams gives an outline of the most common online scams and how to avoid them.
Our guide to
provides more information on how to avoid ransomware attacks on your computer.