Australia Post has warned people to be wary of a new highly advanced scam circulating through thousands of email inboxes.

Scammers are scraping data from social media that allows them to personalise fraudulent emails and trap would-be victims into opening an attachment.

That attachment contains what security experts say is a new type of ransomware called "Locky".

Mailguard, the anti-virus and security company that discovered the virus this week, said that by scraping personal information such as full name, location and workplace from public profiles on social media sites, the cyber criminals could deliver highly personalised attacks.

The email appears to originate from Australia Post, telling the reader a package has arrived for them at a local AusPost store and encouraging them to download shipping information via an attachment.

Once a user has clicked on the enclosed file and ran a javascript file, Locky is downloaded to their computer, from a remote location, preventing them from accessing their files until a ransom fee has been paid.

"The Australia Post scam shows how cyber criminals are using increasingly sophisticated social engineering techniques to adapt campaigns to make them more and more successful," Mailguard said on its alert website post.

An example of the email circulating purporting to be from Australia Post. ( Supplied: Mailguard )



Look for a card in the letterbox, not an email

An Australia Post spokesman confirmed a number of scam emails were circulating claiming to be from the company.

"Australia Post leaves a card in the letterbox if the customer is not at home to receive a parcel. We don't ask customers to click on a link before picking up an item awaiting collection," he said.

"Australia Post alerts customers to scams through information on our website, social media, and to subscribers of the Australian Government's Stay Smart Online alert service.

Australia Post will never: Ask you to click on an email link to print off a label to redeem your package

Ask you to click on an email link to print off a label to redeem your package Email or call you to ask for personal or financial information including password, credit card details or account information

Email or call you to ask for personal or financial information including password, credit card details or account information Send you an email asking you to click on an attachment

Send you an email asking you to click on an attachment Email you to reconfirm your physical mailing address by clicking on a link

Email you to reconfirm your physical mailing address by clicking on a link Call or email you out of the blue to request payment

"Our staff also receive regular training and updates on the importance of vigilance in relation to scams and we encourage customers to visit their local post office or call our customer contact centre on 131 318 if they have concerns."

Last month, Australia Post warned of another scam, in which emails warning the resident of a parcel that needed to be collected included malicious attachments.

Avast internet security said the new Locky virus was a new file encryptor targeting PC users and was likely created by the authors of the well-known Dridex botnet.