Track Advice Notification scam email
Another phishing email claiming that the recipient has a parcel awaiting pickup has been detected this morning. This latest phishing campaign tries to fool the user into clicking on a link by using the authentic sounding subject line of “Track Advice Notification”. The rest of the email however is quite plain. The email purports to be from Australia Post. It is a scam email, and can be deleted.
If you take a look at Figure A, you’ll see that this email is very simple. The full subject line of the email is “Track Advice Notification: Consignment RYR<6 digit number>”. The six digit number does vary from email to email. The sender of the email is listed as “Australia Post”. There is one link contained in the email. The link uses anchor text that looks like an Australia Post site.
As the email says, a courier supposedly attempted delivery of a parcel. The email murkily then states that the recipient needs to print out a label and take it to the post office. This is (apparently) to allow the recipient to collect the parcel. The recipient is told to click on the link in the email.
This email may be simple, but it is dangerous. The link in the email goes to a site that attempts to download ransomware. As mentioned previously, ransomware will attempt to encrypt files on the victim’s PC and in many cases (such as CryptoLocker) will also encrypt files on network drives.
There are two signs that this is a fake email. Firstly, the grammar is clumsy in places. The second sign is the link. Although it looks legitimate, remember that the text in the email is the anchor text. It is not the actual URL. Mousing over the link shows that it does not go to Australia Post. It leads to a malicious site that attempts to serve ransomware. Delete this email.
Australia Post have a page dedicated to phishing scams such as these.
Scott Reeves
MailShark
Free anti-spam service
Free email filter service