Australia Post customers are the latest to be targeted with a convincing new phishing scam designed to steal their bank account details.
Customers have received text messages informing them that they have a package detained in the terminal and that in order to retrieve the package, they should click on a link to pay the freight fee.
The message looks deceptively real because it contains the official Australia Post logo and, if the individual has received any legitimate correspondence from the company in the past, it appears in the same messaging thread.
This adds further legitimacy to the request and is enough to convince many unsuspecting individuals that the scam is real.
Image: Scam text message (source: News.com.au)
If the user clicks on the link, they are directed to a web page that informs them they have won a phone from Dick Smith. In order to claim their prize, they are asked to pay a $1 freight fee. Of course, there is no prize and it’s just a cunning way to trick the user into disclosing their bank account details.
In response to the scam, Australia Post issued a statement: “Australia Post has been made aware of fraudulent text messages that are circulating advising customers that they have a ‘package detained in terminal’ and prompting them to click on a link.
“Please note that Australia Post will never email or text message you, asking you to click on a link to print out a receipt/label for parcel collection/tracking or to access your package.
“If you believe you have sent any personal information to a scam email address or entered it into a scam website and are worried that your identity may have been stolen, please call ID CARE on 1300 432 273 as they provide free services to victims of identity theft.”
Red flags to look out for on a suspicious email or text message include threatening language, a generic greeting, a sense of urgency, poor grammar, spelling mistakes, a mismatched URL, claims of prizes or a request for personal information.
How to protect yourself against Text Message Phishing
- Delete text messages that ask you to confirm or provide personal information – Legitimate companies won’t ask you to supply sensitive information such as account numbers or passwords via text message.
- Don’t click on any links within the text message – There’s a good chance that if you click on the link, you will be directed to a phishing website or your device will be infected with malware.
- Avoid storing bank account or credit card details on your phone – That way, if your phone gets infected with malware, the crooks won’t be able to gain access to this sensitive data.
- Install anti-virus software for mobile – There is a range of anti-virus software solutions for mobile that will eliminate malicious activity.
- Keep your phone’s operating system up to date.
- Don’t reply to the text or call the number back – This just alerts the crooks that the number is active, and you may end up receiving more scam texts and calls.
- Call the company directly to confirm the text’s authenticity – Source the number from the company’s official website and confirm if the text message is legitimate.
If you’re looking to start a phishing awareness campaign or would like more information on how to protect yourself online, get in touch to find out how we can help. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combating cyber-crime.