The Australian Competition and Consumer Commission (ACCC) is warning consumers and businesses to watch out for a fake parcel delivery scam email which purports to be from Australia Post or FedEx.
The email claims that the recipient has missed a parcel delivery. The emails may be personalised with the customer’s name and address and include Aus Post or FedEx logos.
In addition, the email may mention a fee will be charged while they hold the person’s undelivered item.
The scammers also ask the person to open an attachment or download a file to retrieve the parcel. However, if the person follows the instructions, an executable file will load on to the computer and install ransomware as soon as it is opened.
ACCC deputy chair Delia Rickard warned that scammers commonly ask for Bitcoins or request that the person send money by wire transfer.
“Even if you pay the fee, there is no guarantee that your computer will be unlocked,” she said.
“If you receive an email about a package, don’t open any attachments or download files. Regularly back-up your computer’s data on a separate hard drive. Follow these steps to protect yourself this Christmas.”
Rickard added that Australia Post does not send emails about undelivered packages. The postal service will put a notice in the recipient’s letter box if a package was undeliverable.
“If you are suspicious about a ‘missed’ parcel delivery, call the company directly to verify that the correspondence is genuine. Independently source the contact details through an Internet search or phone book – do not rely on numbers provided.”
She also recommended that people buy a stand-alone hard drive for Christmas.
“These have become relatively inexpensive and can save you a lot if your computer is infected by malware or ransomware,” said Rickard.
There has been a “significant surge” in the number of ransomware attacks in Australia, according to the inaugural Australian Cyber Security Centre (ACSC) survey of major Australian businesses which was published this week.
Seventy-two per cent of respondents in the survey (PDF) experienced ransomware-linked incidents in 2015, the survey found.