Club Cobra


gjkrv8 07-13-2015 09:19 PM

Be very careful with Tracking parcels online from Auspost
 
Hi Guys,

Excuse the long post.

Knowing you guys get little Cobra parcels like me I thought I’d give you a heads up.

Essentially when you get an ePost parcel delivered you can track it via their Auspost website.

All good so far.

There is an option to enable them to send you emails to alert you of the various stages of delivery etc.

Once I enabled this, coincidentally within an hour I received an official-looking Auspost email from “afp@delivery.com/xxxxx” saying “Nobody was home – click on the label link below to printout your label and take it to the post office and get your parcel etc”

My guard was up as I was getting the parcel delivered to my office and someone is always home there.

When I hovered over the graphic link for the label printout it was some xxxx.kz or xxxx.ru link (Russia or Kazakhstan)

My National IT Security Manager sits right next to me and I got him over to have a look and he said “don’t click on that, you have been the subject of a ‘targeted spear phishing attack’”. (Google it :-) )

He said this is pretty sophisticated as it means someone is tracking people registering for Auspost parcel tracking emails and then sending the bogus email to attack their machines – he said if I had clicked on the link it would have locked my machine where they ask for ransom money to unlock etc.

There is an alert (auscert) out about the bogus emails – but not about them somehow figuring out you are expecting a parcel (this is the sophisticated bit).

Moral of the story – be very careful of stuff looking like it comes from Auspost – and try and hover over the links and if they are not auspost.com etc then delete immediately.

If unsure delete immediately.


Cheers

Gregg
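The hover check described in the post above can be automated. This is an added example, not part of the original post: it assumes `auspost.com.au` is the only trusted domain, and the message body and the `.kz`/`.ru` hosts in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domain the reader treats as genuine Australia Post.
TRUSTED = {"auspost.com.au"}

# Constructed sample body; the .kz/.ru hosts are placeholders, not real indicators.
SAMPLE_HTML = """
<a href="http://label.example.kz/get?id=1"><img src="cid:label.png" alt="Print label"></a>
<a href="http://auspost.com.au.example.ru/track">https://auspost.com.au/track</a>
<a href="https://auspost.com.au@example.kz/track">Track</a>
<a href="https://auspost.com.au/track">Track your item</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element, including image links."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit_links(html):
    """Return (real_host, verdict) for each link, in document order."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        host = parts.hostname  # drops any "user@" prefix placed before the host
        if not is_trusted(host):
            verdict = "suspicious"
        elif parts.scheme != "https":
            verdict = "trusted-but-unencrypted"
        else:
            verdict = "ok"
        results.append((host, verdict))
    return results

if __name__ == "__main__":
    for host, verdict in audit_links(SAMPLE_HTML):
        print(f"{verdict:24} {host}")
```

The second and third sample links show why the visible text or a glance at the start of the URL is not enough: the host the browser actually connects to is the last part before the path.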

sambo 07-13-2015 09:45 PM

Thanks for the heads up Gregg, I use the AusPost email service quite often. I would report this to AusPost because they have an obligation to protect your privacy and it's very simple for them to do so (install SSL).

The AusPost tracking page (below) is not using HTTPS (secure HTTP), meaning scammers can eavesdrop on traffic between your web browser and the AusPost website. When you enter your email address and click "Subscribe", your email address is sent to the AusPost website and it is not encrypted. Anyone scanning the network will be able to read that information if they know what they're doing.

Track your item - Australia Post

General rule - if you don't see a padlock icon next to the URL or down the bottom of the page, any data you send to the website is open for attack.

If you're on a desktop you can always right-click inside the browser and select "view page info". Google Chrome will tell you "your connection to this site is not private".

gjkrv8 07-13-2015 10:07 PM

Hi Paul, Yes our IT Security Manager is reporting it to Auspost and Auscert etc.

Pretty crazy how they don't use HTTPS/SSL encryption etc.

cheers Gregg

Krait 07-14-2015 12:03 AM

Thanks Gregg,

Was just reading your post to my wife, she said she got such an email this morning. Fortunately our antivirus flagged it and she deleted it immediately.

Cheers

Geoff

750hp 07-14-2015 08:03 AM

Virus emails have gone nuts lately. The company I work for has received more than 80,000 emails supposedly from Aust Post, ATO and Westpac just in the last week. Crazy!

gjkrv8 07-14-2015 04:12 PM

You're right Craig. Chatting to my peer who consults on IT Security yesterday, he said it's got to the point where "bad guys" can subscribe to an "online Service" that does it for them. Scary stuff.

There's two places I always use when I am a bit suss:

Hoax-slayer - website for low level hoax emails etc
auscert.org.au - a bit techy though

Be careful out there.

It's much safer working and driving our Cobras :-)

Cheers Gregg


All times are GMT -7. The time now is 10:52 AM.
