Don’t Get Duped! How the Australia Post Missing Address Scam Targets Victims

Australia Post is one of the most widely used and trusted postal services in Australia. Unfortunately, scammers are now taking advantage of this trust by sending out fake Australia Post text messages designed to steal personal information and money. This emerging scam is something all Australians need to be aware of.

AU Post Scam

Overview of the Australia Post Missing Address Text Scam

Australia Post has long served as the primary postal service delivering letters and parcels to millions of homes and businesses across the vast continent. For over 200 years, Australia Post has reliably connected the far-flung cities and remote outback communities that make up the Australian landscape. However, this trusted reputation is now being exploited by scammers seeking to defraud unsuspecting victims.

In recent months, a clever new scam has emerged involving fraudulent text messages impersonating Australia Post. Scammers are sending SMS messages en masse to Australian phone numbers, claiming an Australia Post package is awaiting delivery but missing an address. The message prompts victims to click a link and enter personal information in order to “correctly deliver” the package.

In reality, the link leads to a fake website designed to mimic the real Australia Post site. Scammers use this fraudulent site to phish for personal details and payment information from victims expecting a real delivery. This relatively new scam tactic allows fraudsters to exploit multiple unsuspecting victims by hijacking the trusted branding and communication channels of Australia Post.

Mass Text Messages Enable Large-Scale Scamming

A key element enabling this scam is the use of mass text messaging, also known as SMS phishing or smishing, to cheaply and quickly reach countless potential victims. Whereas email phishing campaigns can be detected by spam filters, SMS messages have no such safeguards and reach the recipient’s phone instantly.

By auto-generating hundreds or even thousands of text messages per hour, scammers can blanket all of Australia with fraudulent Australia Post alerts. Even a low success rate still means many victims are hooked. And text messaging enables scammers to hide behind disposable “burner” phone numbers that are untraceable.

The impersonal nature of text messaging helps scammers remain anonymous while still leveraging a familiar brand. Recipients often assume a text is legitimate if it claims to come from a known entity like Australia Post. In reality, these unsolicited messages are almost always scams.

Fake Websites Complete the Deception

While SMS phishing initiates the scam, the fake Australia Post websites close the trap. Scammers design sites that expertly mimic the real Australia Post site in branding, images, web addresses, and overall user experience. These high-fidelity fakes convince victims they are on a legitimate site.

Some small details may seem “off” on close inspection, like incorrect postal codes or slightly mismatched colors. But victims are unlikely to scrutinize closely, instead expecting the site to be real based on the initial text prompt. Even savvy internet users can be fooled without carefully cross-checking the site’s details against the real Australia Post site.

This convincing fakery facilitates the scam by lulling victims into a false sense of security about inputting sensitive information like addresses, emails, and credit card numbers. Even relatively web-savvy Australians have fallen prey, losing hundreds or thousands of dollars in some reported cases.

Trust in Australia Post Ripe for Exploitation

The key to this scam’s success is exploiting Australians’ long-established trust in Australia Post and its familiar online properties. As the national postal service for over 200 years, Australia Post has cemented its reputation as a household name brand.

Scammers take advantage of this hard-earned reputation by impersonating the Australia Post name and messaging. Victims naturally assume communication from Australia Post must be legitimate, especially if they are awaiting a real delivery. By the time they realize it’s a scam, sensitive information has already been compromised.

In essence, scammers are hijacking the Australia Post identity to borrow the trust and familiarity associated with this historic brand. Australians’ inherent faith in postal services makes the deception easier to pull off while maximizing potential victims.

Fraudsters Seek Both Money and Identity Theft

These scammers have dual motivations for executing this fraud scheme. First, they aim to steal private financial information for monetary gain. Victims may be asked for credit card details to pay a small “delivery fee”, allowing scammers to steal funds or commit identity theft.

Second, collecting personal information like home addresses facilitates broader identity fraud even without direct monetary theft. Full names, emails, phone numbers and other details are highly lucrative on the black market and dark web. This focus on stealing information, not just money, makes the scam harder to detect.

In the end, the scammers behind this scheme win either way. Every piece of personal data and payment information helps open more avenues for profit through fraud and theft. As more Australians receive these phony texts and emails, major awareness is needed to combat this scam.

How the Australia Post Missing Address Text Scam Works

Scammers executing this scam rely on careful planning and precise execution. Here is exactly how the Australia Post missing address delivery scam operates at each step of the process:

Step 1: Scammers Send Fake Australia Post Texts

The scam starts with text messages sent en masse to Australian phone numbers. The messages are sent from a variety of numbers to increase the likelihood of reaching real Australia Post customers. The messages themselves are designed to appear as if they come directly from Australia Post.

Here is an example of the text message victims may receive:

“AustraliaPost: Important – Your package has arrived at our facility but is missing an address. Please click below to add your address. Failure to do so will result in return to sender.

Please update your delivery address within 24 hours. Thank you.”

The text contains no glaring red flags that would immediately identify it as fake. The biggest initial indicator is that Australia Post does not typically initiate communication via text message. But many recipients may not be aware of this and assume the message is real.

Step 2: Victims Click on the Fake Australia Post Website Link

If the message recipient is expecting a package from Australia Post, they are highly likely to click the link. The domain seems legitimate at first glance, further building trust. Victims are taken to a fake website built to closely mimic the look and feel of the real Australia Post site.

The website maintains the ruse by using official Australia Post branding and colors. Images of Australia Post postal vans and uniforms help drive home the illusion. Only on close inspection would victims notice small inconsistencies revealing the site as fake. But at first glance, most would assume the site is legitimate.

Step 3: Victims Enter Personal Information

On the fake website, victims are prompted to enter their name, phone number, and address in order to “correctly” deliver their package. Scammers need this personal information to execute identity theft and other frauds.

Victims comply by entering details like their full name, home address, email address, and phone number. Email addresses are especially prized, as scammers can use them for future phishing attacks.

Step 4: Victims Pay a Small Shipping Fee

After submitting their personal info, victims are taken to one final page. Here they are told that a small shipping fee, usually between $5-10 AUD, is required to complete the delivery. In reality, this allows scammers to directly profit off the scam.

The low dollar value makes it seem harmless, so many victims feed their credit card information into the payment forms on the fake site. With this last step, scammers have now obtained both money and personal information.

Step 5: Scammers Disappear and Use Stolen Information

After victims pay the fee, the scam is complete. Scammers immediately disable the fake site and disappear with the stolen loot.

Personal information is sold on the dark web or used for identity theft. Stolen credit cards are charged for fraudulent purposes. And victims are left confused when their “package” never arrives. By then, it’s too late.

This simple but devastatingly effective scam has allowed scammers to profit off countless unsuspecting Australians. A few small tweaks to the usual phishing scam format allows them to execute highly targeted fraud.

How to Spot This Scam

While scammers are getting better at disguising their Australia Post impersonation attempts, there are still key signs that can help recipients identify these fraudulent messages and websites:

  1. Be Wary of Unsolicited Texts Claiming to be Australia Post

Australia Post will not send unprompted text messages to customers regarding packages. Any such SMS messages should be treated as scams, especially if links or personal information are requested. Only communicate with Australia Post through official channels you initiate.

  1. Inspect Links Carefully Before Clicking

Scam text messages will include links to fake Australia Post sites. Closely examine the URL for misspellings, unusual domains, and slight differences from the real postal website. Hover over the link to compare the URL preview with the visible text.

  1. Watch for Strange Requests on Websites

Fake sites will ask for personal and payment details unnecessary for Australia Post delivery. Providing addresses or paying shipping fees just for delivery is not standard practice. If requested, you are likely on a scam site, not the real Australia Post page.

  1. Compare Details Closely to Real Australia Post Sites

Scammers mimic official branding and messaging, but their imitation sites will contain small mistakes in images, colors, addresses and more. Carefully cross-check all details against the authentic website to identify inconsistencies suggesting fraud.

  1. Contact Australia Post to Confirm Legitimacy

If a text message or website seems suspicious, reach out to Australia Post customer service at 13 76 78. Representatives can confirm the communication is real or fraudulent. Only provide information directly through official customer service channels you initiate.

With vigilance and awareness of common scam indicators, Australians can avoid falling victim and protect their identities and finances. Being cautious of all unsolicited contact and verifying legitimacy directly with Australia Post is key to sidestepping these malicious fraud attempts.

What to Do if You Fall Victim to the Scam

If you receive one of these fraudulent Australia Post texts and fall victim by inputting your information, all is not lost. Here are the steps you should immediately take to limit the damage:

Step 1: Contact Australia Post

Your first call should be to the Australia Post customer service line at 13 76 78. Advise them that you received a fraudulent message and gave information on a fake website. Australia Post may be able to take down the site if it is still active.

Step 2: Monitor Accounts Closely

Carefully monitor bank and credit card statements for any signs of fraudulent charges over the next few weeks. Scammers like to work quickly once they have payment information, so unauthorized charges could show up very fast. Immediately report anything suspicious.

Step 3: Reset Passwords

For any account linked to the email you provided, initiate password resets immediately. Scammers with access to your email can wreak havoc by compromising or accessing sensitive accounts and information. Resetting passwords locks them out.

Step 4: Contact Your Bank

Contact your bank and credit card companies to place holds on your accounts if any card information was compromised. This prevents scammers from being able to make additional fraudulent charges. Monitoring statements is also critical.

Step 5: Place Fraud Alert

Contact credit bureaus like Equifax and Experian to place a fraud alert on your name and personal information. This alerts lenders to be extra diligent in validating your identity for new lines of credit. It’s an important layer of protection against identity theft via the stolen info.

Step 6: File Police Report

File a report with local law enforcement regarding the fraud. Provide all details of the interaction including the phone number the text came from and the link destination. Police may be able to trace digital footprints back to the scammers.

Step 7: Report Fraud to Scamwatch

Contact Scamwatch to report being victimized by this Australia Post scam. Provide all available details. Your report helps authorities track and respond to emerging fraud threats targeting Australians.

Frequently Asked Questions About the Australia Post Missing Address Text Scam

1. What is the Australia Post Missing Address Text Scam?

The Australia Post Missing Address Text Scam involves fraudulent text messages sent to Australian phone numbers claiming an Australia Post package is awaiting delivery but missing an address. The message includes a link to submit your address but actually leads to a fake website impersonating the real Australia Post. Scammers use this tactic to steal personal information and money from victims.

2. How do scammers send text messages impersonating Australia Post?

Scammers use automation tools to send hundreds or thousands of SMS text messages per hour to Australian phone numbers. The messages come from a variety of burner phone numbers that cannot be traced back to the scammers. This mass texting approach allows them to cast a wide net for potential victims.

3. What do the fake Australia Post text messages say?

The messages claim to be from Australia Post, stating that a package intended for you has arrived but the delivery address is missing. The message provides a link you must click to submit your address so the package can be delivered. An example message is:

“AustraliaPost: Important – Your package has arrived at our facility but is missing an address. Please click below to add your address. Failure to do so will result in return to sender.

4. How closely do the fake websites mimic the real Australia Post website?

Very closely. The fraudulent sites use the Australia Post logo, colors, images and branding to appear as real as possible. Only small mistakes like incorrect postal codes may indicate it is fake. Scammers know victims won’t scrutinize the site too closely after receiving the initial text prompt.

5. What personal information do the scammers try to steal?

The fake sites will ask for your full name, home address, email address, phone number and sometimes credit card information. Scammers steal this info for identity theft purposes and to sell on the dark web. Your email in particular can be used for future phishing scams.

6. Do the scammers also try to steal money directly?

Yes. After collecting your personal info, the site will prompt you to pay a small shipping or delivery fee, usually $5-10 AUD. This allows scammers to directly profit from victims in addition to stealing identities. Even small charges add up with the volume of victims targeted.

7. How can I avoid falling victim to this Australia Post scam?

Remember Australia Post does not initiate communication via text messages. Any SMS claiming to be Australia Post is fraudulent. Carefully inspect all links before clicking. Do not provide info or pay on any site you accessed via an unsolicited text. Only visit Australia Post’s website directly or call 13 76 78 to verify messages.

8. What should I do if I fell victim to this scam?

If you provided info or paid fees to a fraudulent site, immediately call Australia Post to notify them. Monitor accounts for fraudulent charges. Reset passwords on any accounts associated with the compromised email. Place fraud alerts and file a report to assist law enforcement in tracking down the scammers.

9. Who can I contact to report this scam?

Notify the Australia Post customer service line at 13 76 78. File a report with your local police department. Report details to Scamwatch so they can investigate the scam. The more reports filed, the better chance scammers will be caught and prosecuted.

10. How can I learn more about the Australia Post Missing Address Text Scam?

Read scam alerts and security tips on the Australia Post website. Check the Scamwatch website for up-to-date details on current scams impacting Australians. Search online to find victims’ first-hand experiences and media reports investigating this scam and others like it.

The Bottom Line

The Australia Post missing address delivery scam is a bold attempt by scammers to hijack a trusted brand and directly target Australian residents waiting on package deliveries. By sending fake texts and mimicking official websites, scammers are able to steal personal information and money from unsuspecting victims.

The best way to protect yourself is simply being aware that Australia Post does not initiate communication via text message. Any such messages should be considered fraudulent. If you mistakenly provide information or payment, act quickly to limit potential fallout from identity theft and unauthorized charges. And report details to Australia Post, law enforcement, and antifraud authorities so this scam can be stopped.

Stay vigilant about any contact claiming to be from government agencies or trusted brands requesting personal information or payment. Going straight to the official website or calling the real customer service line is the best way to verify legitimacy and avoid becoming the victim of increasingly clever phishing and smishing scams.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.


    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Leave a Comment