LEGALAUDIT

Scam Watch

How can you recognize Australia Post smishing — 'redelivery fee' phishing?

TLDR

SMS claims AusPost / StarTrack parcel can't be delivered, needs A$3.20 redelivery fee. Link leads to auspost redelivery[.]xyz, harvests card + DOB + Medicare/licence. ACCC ScamWatch logged 200,000+ AusPost smishing reports in 2024....

How it works

SMS claims AusPost / StarTrack parcel can't be delivered, needs A$3.20 redelivery fee. Link leads to auspost redelivery[.]xyz, harvests card + DOB + Medicare/licence. ACCC ScamWatch logged 200,000+ AusPost smishing reports in 2024....

Red flags

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What to do

  1. 1ACCC ScamWatch logged 200,000+ AusPost smishing reports in 2024.
  2. 2Indicators: tracking format doesn't match AusPost (33 alphanumeric chars), domain not auspost.com.au, asks for licence + Medicare to 'verify identity'.
  3. 3IF VICTIM: call card issuer, freeze account; if licence shared, replace via Service NSW/VicRoads and place a ban via IDCARE (idcare.org) Cyber Support; lodge ScamWatch report.

Source

ACCC-ScamWatch

Source reviewed by Mythos Forensic Team

https://www.scamwatch.gov.au/types-of-scams/threats-extortion

FAQ

Is Australia Post smishing — 'redelivery fee' phishing a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What should I do first?

ACCC ScamWatch logged 200,000+ AusPost smishing reports in 2024.; Indicators: tracking format doesn't match AusPost (33 alphanumeric chars), domain not auspost.com.au, asks for licence + Medicare to 'verify identity'.; IF VICTIM: call card issuer, freeze account; if licence shared, replace via Service NSW/VicRoads and place a ban via IDCARE (idcare.org) Cyber Support; lodge ScamWatch report.

Can LegalAudit check my case?

Yes. Start a free chat and paste the message, link, sender, or payment details for triage.