Australia Post has warned people to be wary of a new highly advanced scam circulating through thousands of email inboxes.
Scammers are scraping data from social media that allows them to personalise fraudulent emails and trap would-be victims into opening an attachment.
That attachment contains what security experts say is a new type of ransomware called “Locky”.
Mailguard, the anti-virus and security company that discovered the virus this week, said that by scraping personal information such as full name, location and workplace from public profiles on social media sites, the cyber criminals could deliver highly personalised attacks.
The email appears to originate from Australia Post, telling the reader a package has arrived for them at a local AusPost store and encouraging them to download shipping information via an attachment.
“The Australia Post scam shows how cyber criminals are using increasingly sophisticated social engineering techniques to adapt campaigns to make them more and more successful,” Mailguard said on its alert website post.
Look for a card in the letterbox, not an email
An Australia Post spokesman confirmed a number of scam emails were circulating claiming to be from the company.
“Australia Post leaves a card in the letterbox if the customer is not at home to receive a parcel. We don’t ask customers to click on a link before picking up an item awaiting collection,” he said.
“Australia Post alerts customers to scams through information on our website, social media, and to subscribers of the Australian Government’s Stay Smart Online alert service.
“Our staff also receive regular training and updates on the importance of vigilance in relation to scams and we encourage customers to visit their local post office or call our customer contact centre on 131 318 if they have concerns.”