Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you
Using a smartphone

Australia Post scam hitting SMS, how can you tell it’s a scam

You get an alert that a package has been detained, and it says “Australia Post” on the SMS. Is it real, and how do you know?

We’re so used to seeing scams that when another pops up, we just call it a weekday. Simply put, scams are arriving with such regularity that it’s more unusual when we don’t hear about people trying to be conned.

However this week, Australia Post chimed in on news with information that people were being targeted by scammers pretending to be Australia’s national post organisation.

It’s bad news for everyday Australians, with scammers using a loophole in SMS to get their scams counted under the same thread where Australia Post messages to phones tend to land.

Scammers can use bulk SMS send services online with an “Australia Post” name to make their messages fit in with a regular Australia Post SMS thread, and therefore look more realistic. Doing so has the potential to get more hits, as unsuspecting victims will assume the message is from Australia Post, rather than checking.

Australia Post has been rather quick to alert customers about the scam, but stopped short of explaining where you can see the message is a fake.

Proving the message is a fake

Just because the SMS has “AUPost” or “AusPost” or even “AustraliaPost” in the sender name doesn’t mean it’s real.

Provided the SMS service a scammer is using has the option for a send name, they can send it out using a familiar name. In fact, if you have already received messages from that name, your phone will combine them all, helping the ruse.

But there is one thing you need to pay attention to in order to prove the message is a scam: the URL or domain.

How the URL proves a scam message is a scam

You can’t fake a URL in an SMS or a web browser, and it’s something where if you pay attention to what you’re seeing, you can help ensure you don’t get scammed.

On an SMS, the URL should be what you’re going to.

If it’s from Australia Post, you can generally expect a link from mypo.st or auspost.com.au. If the link reads as anything else, ask yourself why the link is totally different from anything you’ve previously seen from Australia Post.

When website links are dramatically different, there’s usually a reason why. If an SMS shows one, it’s probably because the SMS is a scam.

But let’s say you accidentally click on the link, and it opens up a page that looks like Australia Post.

In that situation, you’ll want to check the website at the top of the browser.

Again, you’re looking for a link that makes sense. If it’s for Australia Post, you’re probably looking for auspost.com.au, and if it’s Facebook, you want facebook.com. The website URL in the browser bar needs to look like the original, but scammers can’t make that happen, because they have no access to the real and authentic website.

How scammers trick us into thinking this website is the real thing is because many won’t check, and so the scam has time to work.

The website link (and the website domain) is where scammers try to pull a fast one, so always check.

Always take the time to look at a link and question it, asking yourself the following questions:

  • Does this look like a normal link for this company?
  • Does it make sense?
  • Does it fit in with previous messages?
  • Do you even have a package coming your way?

Asking yourself questions about the message and checking that link can help ensure you don’t click, and don’t fall for yet another scam.

Alternatively, consider learning a little more about how scams work at our aptly named scam education website, How Scams Work.

Read next