Australia Post ‘Sending Not Delivered’ Malware Email

This email, which purports to be from Australia Post, claims that a dispatch was not delivered to your address because nobody was home.

The email urges you to click a button labelled ‘Get Sending Document”  to view information about the delivery.  Supposedly, you can print out the information and take it to a post office to collect your parcel.

However, Australia Post did not send the email and clicking the link will not open information about a failed parcel delivery.

Instead, clicking the button opens a website that harbours malware.

The exact nature of this malware can vary.  It may be ransomware that locks up your computer’s files and demands that you pay a fee to online criminals for an unlock code. Or it may be designed to steal sensitive login details and other personal information from your computer.

Criminals have repeatedly used fake ‘undelivered parcel’ emails as a means of distributing malware.  Similar fake Australia Post emails have been used as a malware vector since at least 2011.

And alternative versions have falsely claimed to be from other high-profile delivery companies including FedEx, USPS, and the Royal Mail.

Australia Post will never ask you to click a link or button in an email to print off a label to redeem a package. Australia Post has more information about such scams on its website.

An example of the malware email: