Australia Post customers warned to be on high alert for new ‘Darcula’ scam texts


  • Australia Post issues major scam warning


Australia Post has alerted the public about a fresh scam that has put numerous customers at risk of significant personal and financial loss.

The scam, called ‘Darcula’, involves sending fake messages purporting to be from Australia Post, telling recipients that their deliveries were unsuccessful because of an incorrect postal code.

Customers are then prompted to click a link that takes them to a webpage closely resembling the official Australia Post site, where they are asked to submit their personal details.

Australia Post shared the alert on its website on Friday, reminding Australians it would never call, text or email customers to request access to personal or financial information or payment.

It also shared new research which found nine in 10 Aussies have received a scam text or call while nearly three-quarters have been targeted by scams mimicking parcel delivery services.

‘Scammers prey on busy lifestyles and the excitement and urgency in waiting for a package’, Australia Post chief information security officer Adam Cartwright said.

‘The safest way to track your deliveries is directly through the official AusPost app. If you’re expecting a parcel, don’t click on suspicious links or respond to unexpected messages — always check the app first.’

Jamieson O’Reilly, a hacker and founder of the Sydney-based cybersecurity company Dvuln, told Daily Mail Australia that the consequences of falling victim to a Darcula scam could be severe, depending on how far the fraudster was prepared to go.



‘Second the moment the victim inputs their information, it shows up on the criminal’s dashboard. This allows them to view it in real-time and utilize the data right away,’ he explained.

The criminals could empty bank accounts, steal personal details, or trade this data on clandestine online message boards.

Mr O’Reilly stated that the scam was indicative of a ‘Phishing-as-a-Service’ platform.

He said this gives cybercriminals an out-of-the-box solution for launching complex brand impersonation attacks.

‘Unlike older phishing kits that rely on hackers cloning legitimate websites and using these static phishing pages, Darcula is a little more innovative.

‘It’s offered as a subscription-based cybercrime toolkit that makes it incredibly easy for scammers to launch fake websites that look like trusted brands such as Auspost or DHL.’

Mr O’Reilly said the scam had recently reached its third version, which broadens access to less experienced fraudsters by giving them an increasingly automated system to work with.

‘Thieves don’t require technical skills. They simply select a brand, pick a scam message (such as “you missed a package”), and Darcula handles all the setup,’ he explained.
