Be wary of parcel email scam: ACCC

Shoppers should be on the lookout for emails from a fake parcel delivery scam this Christmas, warns the Australian Competition and Consumer Commission.

The ACCC's Scamwatch has received more than 4300 complaints about this scam this year, more than triple the number received in 2015.

More than 300 people reported providing their personal information to scammers, including bank account details.

"Unfortunately this scam is particularly effective during the holiday season with so many Australians going online to buy Christmas presents," says ACCC Deputy Chair Delia Rickard.

"There is nothing festive about this scam - scammers will use it to steal your personal information and lighten your wallet."

She said scammers typically send emails pretending to be from Australia Post or FedEx, in some cases including the recipient's name and address as well as company logos.

"The email may threaten to charge you a fee for holding your 'undelivered item', and will ask you to open an attachment, click a link or download a file to retrieve your parcel."

The attachment usually contains a ransomware virus that locks the user's computer.

"To unlock your computer, scammers demand payment in the form of bitcoins (a form of online currency) or wire transfer," Rickard said.

"Even if you pay the fee, there is no guarantee that you will be able to access your computer again."

She stressed that Australia Post does not demand payment for undelivered parcels.

"Australia Post will never call you out of the blue to request payment or send you an email asking you to click on an attachment.

"If you receive an email about an undeliverable package, don't open any attachments or download files - delete it straight away."

Tips to protect yourself

• Australia Post will put a notice in your letter box if a package was undeliverable. Delete any email claiming to be from Australia Post about an undelivered package.
• Do not click on links or download files in emails you receive out of the blue - especially if they are executable (.exe) files or zip (.zip) files. These files are likely to contain malware or ransomware viruses.
• If you are suspicious about a 'missed' parcel delivery email, call the company directly to verify that the correspondence is genuine. Independently source the contact details through an internet search or phone book - do not rely on numbers provided in the suspicious email.
• Regularly back up your computer's data on a separate hard drive. If your computer is infected by malware or ransomware you can restore the factory settings and easily re-install all of your software and data
• Buy a standalone hard drive. These have become relatively inexpensive and can save you a lot if your computer is infected by malware or ransomware.

Get stories like this in our newsletters.