Parcel Delivery Malware
Home Malware Australia Post Undelivered Package Malware Emails

Australia Post Undelivered Package Malware Emails

by Brett M. Christensen

This story was first published on September 19th, 2011

Outline

Emails purporting to be from Australia Post claim that the delivery of a package to the recipient has failed because of an addressing error or because nobody was home. The messages instruct recipients to open an attached file or click a link to read more information about the package. 

Brief Analysis

The messages are not from Australia Post and the attachments or linked websites do not contain package information. In fact, they contain malware that, once installed, can allow criminals to access the infected computer.

Examples

Australia Post malware emails

 

Australia Post Malware Email

 

Australia Post Malware Email

 

Subject: Track Advice Notification: Consignment RYR7849492

Your parcel (1) has been dispatched with Australia Post.

The courier company was not able to deliver your parcel by your address.

Label is enclosed to the letter. Print a label and show it at your post office.

Label: RYR7849492

To view/download your label please click here or follow the link below :

[Link removed]

**Please note that this is an automatically generated email – replies will not be answered.

 

Subject: 582 Package not delivered

Good day!

Your package was not delivered at the specified time on [date], because nobody opened the door. Get the information about your parcel by clicking the link below. You can collect your parcel at any of our nearest offices by producing the printed out information about the parcel.

Get the information about your parcel [Link removed]

Attention!

Our Company will charge a fee if you fail to collect your parcel within 30 days. All information about tariffs is available at our website.

Best regards,
Australia Post.

 

Subject: AusPost Delivery information

Dear customer.

Your package has been returned to the Australia Post office.
Reason: Error in delivery address.
Information about your package is attached to the letter.
Read all information carefully and come to the “Australia Post” office to receive your package.

Thank you.
Australia Post Service.

 

Subject: Track your shipment No9067

Dear customer.

A courier did not deliver the package to your address.
Reason: The delivery address is wrong
Please find the attached document containing detailed information about delivery failure.
Read all information carefully and come to the “Australia Post” office to receive your package.

Thank you.
Australia Post Service.

 

Detailed Analysis

For several years, Internet criminals have been distributing malicious emails that falsely claim to be from Australia Post. Some of the scam messages claim that the delivery of a package to the recipient has failed due to an error in the packaging address. Other versions claim that the parcel could not be delivered because nobody was home when the delivery driver arrived.

The recipient is instructed to click a link or open an attached file to find out more information about the supposed delivery failure.

The emails do not originate with Australia Post and the attachments or linked websites do not contain package delivery information. Instead, they harbour malware.
The characteristics of the malware payload may vary. Often, it will be ransomware designed to lock the files on the infected computer until the victim pays online criminals for the unlock code.  In other cases, the malware may be designed to steal collect sensitive information such as banking passwords from the infected computer and send it to the criminals.

Australia Post does not send generic, unsolicited emails about package deliveries that expect users to click a link or open an attached file to access information.

These malware messages are common and take many forms. Subject lines and other details in these fraudulent emails may vary considerably. If you receive one of these messages, do not open any attachments that they may contain. And, do not follow any links in the messages.

Australia Post has published information about these ongoing malware attacks on its scam alerts page.

Note that Australia Post is just one in a long line of delivery and postal companies that have been targeted in very similar malware campaigns, including FedEx, DHL, UPS, Post Express, and the Royal Mail. All versions claim to contain information about a pending or failed package delivery. In all versions, the attachment or website contains malware.



 

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer