‘Delete it immediately’: Aussies warned over new email scam

Australians who are waiting for a parcel to arrive are being warned over a new DHL email scam.

The email, which pretends to be from the major shipping company, tells its recipients that they have a package that was unable to be delivered to their home.

Email security firm MailGuard, warned it is now blocking the new phishing scam.

Watch the latest news and stream for free on 7plus >>

The subject of the email reads “DHL Shipping Documents” and the sender appears to be from “DHL Express”.

However, the email is actually from a fake account.

At the top of the email, there is also a preview of Excel and PDF documents, which can be viewed or downloaded.

“Below this, the scammer has recreated the DHL logo and warns the recipient that their packages were unable to be delivered due to an incorrect address,” MailGuard said.

“They’ve also included a number of fake details, such as the scheduled delivery date, tracking number, and service option, in an attempt to feign authenticity.”

Clicking the attachment links takes the recipient to another page, a phishing site, that replicates a Microsoft SharePoint page.

There they are asked to enter their email address and password in order to access the files.

However, if you enter your details a “Network error” message will appear and by this point your details will have been stolen by scammers.

“Scammers are always on the lookout to steal Microsoft credentials as they serve as the gateway to a business’s sensitive data and systems,” MailGuard said.

“MailGuard advises all recipients of this email to delete it immediately without clicking on any links.”

MailGuard urges users not to click links or open attachments within emails that:

• Are not addressed to you by name;
• Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include;
• Are from businesses that you were not expecting to hear from; and/or
• Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.

Meanwhile, Avast cybersecurity expert Stephen Kho warned that Australia was in the midst of a “scamdemic”.

“There is a clear disconnect between Australians’ perceived confidence in ability to identify a scam and the increasing amount of money being lost to scams every year,” he told 7NEWS.com.au.

“In reality, this is being further fuelled by our own fear of embarrassment, with half of Australians admitting they would feel embarrassed if they fell for a scam despite the prevalence and sophistication of some of these scams, as scammers get sharper with their tools and scams become increasingly more targeted to individuals’ situations.”

What to do

Kho says if any of the following applies, it may mean you are being contacted by a scammer:

• The sender’s name is vague, and the email address is long or convoluted;
• The sender’s phone number is international or an unknown local phone number;
• The email or message is attention-grabbing or alarmist;
• The call you have received is from an unknown number with a robo-speaker;
• The email or message urges immediate action of some kind;
• The email, message or call cites some pretence for seeking your personal information, including asking you to log in or confirm your details on a website;
• The email or message requests payment or a transfer of funds; and
• The email or message urges you to click hyperlinked text or a link without clarifying what you are clicking.

Australians can report scams to the Australian Competition and Consumer Commission via the report a scam page.