Australia Post customers warned to be on high alert for new ‘Darcula’ scam texts



Australia Post has issued a warning about a new scam that exposes countless customers to massive personal and financial losses.

The scam, known as ‘Darcula’, involves fraudulent messages that purport to come from Australia Post, advising customers that their delivery has failed due to an invalid post code.

Customers are then asked to click on a link to a page that appears similar to Australia Post’s website where they are asked to provide personal information. 

Australia Post shared the alert on its website on Friday, reminding Australians it would never call, text or email customers to request access to personal or financial information or payment. 

It also shared new research which found nine in 10 Aussies have received a scam text or call while nearly three-quarters have been targeted by scams mimicking parcel delivery services. 

‘Scammers prey on busy lifestyles and the excitement and urgency in waiting for a package’, Australia Post chief information security officer Adam Cartwright said. 

‘The safest way to track your deliveries is directly through the official AusPost app. If you’re expecting a parcel, don’t click on suspicious links or respond to unexpected messages — always check the app first.’

Hacker and founder of Sydney-based cybersecurity firm Dvuln Jamieson O’Reilly told Daily Mail Australia the consequences of falling prey to a Darcula scam could be dire depending on how far the scammer was willing to go. 

An example of a ‘Darcula’ scam text prompting a customer to click on a link to an authentic-looking landing page 

Australia Post has warned its customers about a ‘Darcula’ scam


Darcula scams leverage the trustworthiness of well-known brands like Australia Post to gain access to sensitive information

‘As soon as the victim enters their details, the information appears in the criminal’s dashboard. They can watch it live and immediately use the information,’ he said. 

‘They might drain bank accounts, steal identities, or sell the information on dark web forums.’

Mr O’Reilly said the scam was an example of a ‘Phishing-as-a-Service’ platform.  

‘It gives cybercriminals a turnkey solution to launch sophisticated brand impersonation campaigns,’ he said. 

‘Unlike older phishing kits that rely on hackers cloning legitimate websites and using these static phishing pages, Darcula is a little more innovative.

‘It’s offered as a subscription-based cybercrime toolkit that makes it incredibly easy for scammers to launch fake websites that look like trusted brands such as Auspost or DHL.’

Mr O’Reilly said the new scam recently entered its third iteration, opening the field to less-skilled scammers who can benefit from the increasingly automated platform.

‘Criminals don’t need to be technical. They just pick a brand, choose a scam message (like “you missed a parcel”), and Darcula sets everything up for them,’ he said.

