People who do open the attachments risk downloading ransomware called 'Locky' to their computer. This ransomware locks targeted files on the computer and demands that victims pay a ransom of hundreds of dollars for the digital key to unlock them. The criminals demand the payment be made in the digital currency bitcoin.
What makes the scam so dangerous is that it addresses the recipient with personal information such as their full name, location, workplace and job description — all gleaned from their social media profile and designed to dupe them into thinking the email is legitimate.
The email, which looks like it's from Australia Post, tells the recipient to print an attached "shipment confirmation" and bring it into an AusPost store, along with ID, to collect a parcel. Once the victim downloads and opens the attachment, it runs a simple JavaScript code that locks their computer files and demands a ransom fee in bitcoins worth hundreds of dollars.
Australia Post warned in February this year that it would never send users an email asking them to click on an attachment. If you receive one of these emails, you are advised not to open the message or any attachments and to advise the Australian Cybercrime Online Reporting Network.