Beware of scammers delivering malware this Christmas
Watch out for fake parcel delivery scams arriving in your inbox this Christmas, after $80,000 was reported lost to the ACCC this year, with 1,360 complaints. We’ve received over 100 reports of this scam already this December – more than last December, with only half the month gone. The ACCC is also seeing a significant increase in both personal and commercial information loss being reported to this scam, with over 350 reports this year compared to 250 in 2014.
“Scammers take advantage of the busy Christmas season to send you emails about a ‘missed parcel delivery’, purportedly from trusted services such as Australia Post or FedEx. The emails may be personalised with your name and address and look to be from a legitimate company complete with fraudulent logos,” ACCC Deputy Chair Delia Rickard warned.
“The email may mention a fee will be charged while they hold your undelivered item. Scammers ask you to open an attachment or download a file to retrieve your parcel. If you follow these instructions, an executable file (.exe) will load on to your computer and install ransomware as soon as it is opened.”
“Ransomware is a type of malware that freezes your computer and demands a ransom for you to be able to access your computer again. Scammers commonly ask for bitcoins or ask you to transfer money by wire transfer. Even if you pay the fee, there is no guarantee that your computer will be unlocked,” Ms Rickard said.
“If you receive an email about a package, don’t open any attachments or download files. Regularly back-up your computer’s data on a separate hard drive. Follow these steps to protect yourself this Christmas.”
Example of a scam email
- Australia Post will put a notice in your letter box if a package was undeliverable. Delete any email claiming to be from Australia Post about an undelivered package.
- Do not click on links or download files in emails you receive out of the blue - especially if they are executable (.exe) files or zip files. These files are likely to contain malware.
- If you are suspicious about a ‘missed’ parcel delivery, call the company directly to verify that the correspondence is genuine. Independently source the contact details through an internet search or phone book – do not rely on numbers provided.
- Buy yourself (or your business) a stand-alone hard drive for Christmas. These have become relatively inexpensive and can save you a lot if your computer is infected by malware or ransomware.
- Regularly back-up your computer’s data on a separate hard drive. If your computer is infected by malware or ransomware you can restore the factory settings and easily re-install all of your software and data.
You can report scams to the ACCC via the Scamwatch report a scam page. If the scammer has posed as a legitimate company, you should also report the incident to them. You can find more information on post scams on the Australia Post website.