Hackers are using fake emails that appear to have originated from the Australian Post to trick unsuspecting shoppers into clicking on malicious links in a new wave of cyber attacks, it has been reported.
By Tuesday, reports started emerging that thousands of people were receiving emails that purported to have originated from the Australian Post, asking them to reconfirm their details or addresses to receive parcels from unknown senders.
When individuals clicked on the links that appeared to lead to the Australian Post website, they ended up falling victim to a well-choreographed cybercrime syndicate. It has been reported that the link appearing in the email leads to a fake Australian Post website that the hackers use to steal the personal information of their victims.
‘In this case, you can clearly see that the URL of this phoney website has something fishy – a tk extension and this should tell you that this is a fake website,’ says Nikolas Haritos of Cyber Security Essentials, a cyber security firm.
It has been noted that criminals are becoming more sophisticated in the manner in which they conceptualise and execute their attacks.
In the Australian Post scam, the criminals seem to have taken the time to create fake websites that are close replicas of the genuine Australian Post website.
‘The fake websites are so similar to the real Australian Post website that a user who is not careful enough can easily land on the page and end up losing important personal information,’ Haritos added.
The fake email also contains all the essentials that one would expect from a real email originating from Australian Post. The fonts and even the graphics of the fake email are quite similar to those used in legitimate emails sent by Australian Post, it has been reported.
But what may get many people rattled is the manner in which the criminals behind this scam are managing to evade the standard spam-detection software in commercial webmail services.
It has been noted that the criminals are using a new type of trick called content spinning.
‘After the criminals constantly change some words and sentences in the title and body of the email messages before they send them out, traditional antivirus programs fail to detect the emails as malicious,’ Haritos noted.
The fact that the criminals can make the fake emails appear genuine increases the level of risk for the general user.
Australian Post, for its part, has said that these forms of attacks have now become common across all industries. The organisation has advised its customers to be vigilant and avoid clicking on links in emails that they cannot verify to have come from a genuine source.
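The following is an added example, not taken from the article or from Cyber Security Essentials, showing why content spinning defeats an exact-match signature while the link destination still gives the message away. The sample messages, the `.tk` host name and the trusted domain `auspost.com.au` are constructed assumptions.

```python
import hashlib
import re
from urllib.parse import urlparse

# Assumption: the only domain the genuine sender links to.
TRUSTED_DOMAINS = {"auspost.com.au"}

# Constructed samples: two "spun" variants of one lure with the same link target.
SPUN_A = ('Subject: Your parcel could not be delivered\n'
          'Please reconfirm your address: '
          '<a href="http://parcel-confirm-sample.tk/confirm">auspost.com.au</a>')
SPUN_B = ('Subject: We were unable to deliver your package\n'
          'Kindly verify your details here: '
          '<a href="http://parcel-confirm-sample.tk/confirm">auspost.com.au</a>')
GENUINE = ('Subject: Your parcel is on its way\n'
           'Track it: <a href="https://auspost.com.au/track">Track</a>')

HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)

def body_signature(message):
    """Exact-match signature: any changed word produces a different hash."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()

def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def untrusted_link_hosts(message):
    """Hosts of all links that do not belong to a trusted domain."""
    hosts = set()
    for url in HREF_RE.findall(message):
        host = urlparse(url).hostname or ""
        if not is_trusted(host):
            hosts.add(host)
    return sorted(hosts)

if __name__ == "__main__":
    blocklist = {body_signature(SPUN_A)}  # signature taken from the first variant
    print("variant B matches signature:", body_signature(SPUN_B) in blocklist)
    for name, msg in (("A", SPUN_A), ("B", SPUN_B), ("genuine", GENUINE)):
        print(name, "untrusted link hosts:", untrusted_link_hosts(msg))
```

The check reads the `href` target rather than the visible link text, so a link that displays the genuine address but points elsewhere is still flagged.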