Silly season scams set to soar as AFP warns of fake delivery texts

The Australian Federal Police is bracing for a surge in Australians falling prey to fake delivery scams as criminal syndicates exploit the Christmas shopping period.

The scams use legitimate-looking text messages to trick people into handing over personal details, which are then sold on the dark web for a profit or used to dupe victims out of thousands of dollars.

A busy Australia Post parcel distribution centre.Credit:Nick Moir

The messages claim to be a status update of a delivery and encourage the recipient to click on a link to track, re-direct or collect a parcel. Sometimes they ask the recipient to confirm a postal address.

Scammers often use a technique known as “spoofing” – which uses software technology to disguise a phone number and make it appear as though it is from a legitimate source – to impersonate businesses and popular delivery services, including Australia Post, DHL and Amazon.

Once the recipient opens the link, they are taken to a fake company website, where they are asked to enter their personal details to complete the delivery.

The scams are designed to harvest personal and financial information from the victim and install malware on their device, which allows criminals to gain access to their usernames and passwords.

The Australian Competition and Consumer Commission estimates Australians lost more than $2 billion to scams in 2021. That figure is expected to jump to more than $4 billion at the end of this year.

Phishing is the most common type of scam, with more than 57,000 instances of suspicious calls and messages reported by consumers to the commission in the first 10 months of this year.

AFP cybercrime operations commander Chris Goldsmith said criminals sought to exploit people who were stressed and less attentive in the lead-up to the holiday period, particularly those expecting multiple deliveries.

He said criminals used the information harvested through the scams to steal money from the recipient’s bank account, apply for loans under their name or sell their information online to other criminals for a profit.

Example of a fake delivery text encouraging consumers to click on a link.Credit:Australian Federal Police

“Scam activity, in particular, is profit-driven,” he said. “Whatever the criminals can do to monetise the information they steal from the public, they’ll do that.”

Goldsmith said online cybercrime services offering “phishing kits” and other spoofing software to wannabe scammers had flourished over the past few years.

Last month, two Victorians were charged as part of an international police investigation into a spoofing website believed to have swindled victims out of tens of millions of dollars.

The site, which was taken down by UK authorities as part of what was described as the “biggest ever fraud operation” in British history, offered software services to scammers for as little as $36.

Red flags to look out for

  • Unsolicited messages about an unknown order.
  • Unexpected requests for payment.
  • Requests for personal or financial information to confirm an order.
  • An unexplained sense of urgency.
  • Grammatical errors in websites and messages.
  • Misspelled or suspicious URLs that don’t match those of the legitimate service.
  • Different style or tone from previous messages from that business or service. 

Goldsmith urged consumers to check the legitimacy of messages and look for red flags – including grammatical errors, requests for personal data and suspicious URLs – before clicking on a link.

Most delivery companies, including Australia Post and Amazon, do not contact customers via phone or email to request personal information, payment or the installation of software.

An Australia Post spokeswoman said unbranded web addresses and an unusual sense of urgency in messages were also signs of fraudulent texts.

“We’re seeing a greater public awareness of scams and cybersecurity, however, we encourage customers to be aware of how to spot a scam,” she said.

Amazon said it had spent more than $900 million worldwide to hire an additional 12,000 workers to fight cybercrime and online fraud, adding it had “zero tolerance for fraud”.

“Amazon impersonation scams put our customers at risk, and while these happen outside our stores, we will continue to invest in protecting them,” the statement read.

A DHL spokesperson advised people to always use the official DHL website and refrain from disclosing personal information.

Those who believe they might have fallen victim to cybercrime should contact their bank and lodge a report online with the Australian Cyber Security Centre. If the scam uses the Australia Post branding, it can also be reported to [email protected]

The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.

Most Viewed in National

From our partners

Source: Read Full Article