The Australian Competition and Consumer Commission has warned of a Christmas ransomware scam triggered by emails notifying Australians to pick up parcels from the post office.
"If you are expecting delivery of a gift for family or friends, or might receive a present, it's important to beware of these scams arriving in your inbox," said ACCC deputy chairperson Delia Rickard.
Emails disguised as ones from reputable delivery companies like Australia Post or FedEx – some even customised with the recipient's name and address – state that a parcel delivery has been missed and that instructions for pick up are attached.
The attachment or the hyperlink then infects the computer with ransomware. The ACCC said a variation on the scam offers a re-delivery upon a $10 to $30 wire or credit card payment. Scammers then not only benefit from the payment, any financial details garnered from the transaction is vulnerable to further misuse.
Rickard said that already this year $100,000 had been lost to parcel scams, generating more than 400 complaints to the consumer watchdog. But with the festive season the peak time for parcel deliveries, the public needed to be especially vigilant this month.
"If you are suspicious about a 'missed' parcel delivery, call the company directly to verify that the correspondence is genuine and do not click on the links or attachments," said Rickard. "Independently source the contact details through an internet search or phone book – do not rely on numbers provided.”
Rickard also said that purchasers have most likely already paid for delivery costs so should be wary of further charges: "If you think you have provided your banking or credit card details to a scammer contact your bank or financial institution immediately."