Australia Post customers are the latest to be targeted with a convincing new phishing scam designed to steal their bank account details.
Customers have received text messages informing them that they have a package detained in the terminal and that in order to retrieve the package, they should click on a link to pay the freight fee.
The message looks deceptively real as it contains the official logo of Australia Post and if the individual has received any legitimate correspondence from the company in the past, the message appears in the same messaging thread.
This adds further legitimacy to the request and is enough to convince many unsuspecting individuals that the scam is real.
Image: Scam text message (source: News.com.au)
If the user clicks on the link, they are directed to a web page that informs them they have won a phone from Dick Smith. In order to claim their prize, they are asked to pay a $1 freight fee. Of course, there is no prize and it’s just a cunning way to trick the user into disclosing their bank account details.
In response to the scam, Australia Post issued a statement: “Australia Post has been made aware of fraudulent text messages that are circulating advising customers that they have a “package detained in terminal” and prompting them to click on a link.
“Please note that Australia Post will never email or text message you, asking you to click on a link to print out a receipt/label for parcel collection/tracking or to access your package.
“If you believe you have sent any personal information to a scam email address or entered it into a scam website and are worried that your identity may have been stolen, please call ID CARE on 1300 432 273 as they provide free services to victims of identity theft.”
Red flags to look out for on a suspicious email or text message include threatening language, a generic greeting, a sense of urgency, poor grammar, spelling mistakes, a mismatched URL, claims of prizes or a request for personal information.
How to protect yourself against Text Message Phishing
If you’re looking to start a phishing awareness campaign or would like more information on how to protect yourself online, get in touch to find out how we can help. MetaPhish has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.