Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you

Australia Post scams return with a convincing trick

You’re going to want to watch those emails as the scams keep rolling in, playing on those of us working from home.

As more of Australia goes into lockdown and the Delta variant makes waves across the country, there are more of us working from home and possibly waiting for packages.

And that may well be giving scammers an opportunity.

Delivery messages purporting to be from Australia Post are making their way into people’s inboxes, suggesting that packages are missing an address and need you to log in and arrange for a new location. Only that’s not the case, and this is yet another Australia Post scam.

This sort of thing isn’t new, but the latest sees scammers learning from the kind of education to teach you what to spot, as they appear to be paying closer attention to the emails.

If you’ve ever received an email scam before, you may know to look at the email address, because scammers can’t fake a real email. They can add their own take, but if you get an Australia Post scam, the email from a scammer can’t use an email from auspost.com.au. That’s just not how the internet works.

However, scammers appear to have wisened up, creating an email address that gets close enough to confuse, as you can see below.

While it’s not quite the auspost.com.au email, the clearly fake Australian-Post@donageit.org.uk is close enough for a passing glance to think it could be legit, and that might cause you to click on this clearly fraudulent email.

Sadly, you mightn’t be alone, as the scams increase.

“It’s no surprise that cybercriminals follow where consumers are spending their money, which is why we see so many scams using trusted household names like Australia Post,” said Tim Falinski, Managing Director for Consumer at Trend Micro in the Asia Pacific region.

“Demand for postal services has gone through the roof as states across Australia face ongoing lockdowns, and recent figures from Australia Post show online shopping has grown 31.8% during the last financial year,” he told Pickr.

“Unfortunately, this presents a very lucrative opportunity for cybercriminals, as they try to catch consumers who may be expecting an email or SMS from Australia Post off guard. After all, how many of us are navigating tracking information for multiple deliveries right now!”

How to spot a postal delivery scam

There are some pretty clear ways to spot an email scam, also known as a phishing scam, but one of the more obvious ones comes from the whole idea.

Locally, Australia Post doesn’t appear to send emails like this out, but if you need confirmation, whichever email address you’ve associated with the purchase can act as a tracking system at the post.

Essentially, if you login at Australia Post’s MyPost service with an account registered to the same email you order things from, you can track where they’re going.

Another way is to check the email address of what was sent to you, because while scammers can get close, they can’t recreate the real thing.

In an Australia Post email, the email address should end in auspost.com.au domain, not in anything else.

For instance, a real Australia Post address is noreply@notifications.auspost.com.au, an email that ends in the correct web location.

However an email starting in a way that sounds legit doesn’t see it ending that way, so just because it sounds real at the beginning doesn’t mean it is real at all.

“One of the most important things people can do to guard against these scams is to take an eagle-eye approach and check the sender’s email address for any red flags,” said Falinski.

“Consumers should look closely, however, as some cybercriminals will only have minor discrepancies. Additional things to look out for are a sense of urgency for payment and threatening language that says the shipment won’t be delivered unless there is payment made or personal information given.”

While the wording is important, always check the email address because scammers and con-artists can’t recreate the real thing, but only get close. And if it’s fake, click delete and move on with your life.

Read next