Telstra, by virtue of its coverage and brand credibility, is an ideal vehicle for disguising the latest email spear-phishing campaign – yet it is only one of more than 250,000 unique email phishing campaigns active at present.
According to MailGuard, the Telstra Email Bill is very well executed and will be difficult for email users to recognise as a phishing email.
The high quality of the execution suggests that it may be a precursor test ahead of a larger scale attack. MailGuard has identified and blocked this new phishing scam variation impersonating the telco giant, Telstra, which carries the signature of Telstra executive Gerd Schenkel, executive director, digital sales and service.
The email claims to be offering a refund for a bill which was paid twice. This is a common tactic used by cyber criminals to entice recipients to follow through with the phishing scam. The email is not personally addressed to the recipient. Rather, it addresses them as "Customer", which is one of the first signs of a scam. This tactic has been seen in similar fake emails leveraging the Telstra and Google brands earlier in June.
The letter directs users to a fake “Telstra” landing page and entices them to enter a user name, password, and banking details to receive the refund. It even offers a receipt number as proof of the refund.
MailGuard says that, to reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Appear to be from a well-known organisation, typically a bank or service provider, and are not addressed to you by name; they may also include poor grammar.
- Ask you to click on a link within the email body to access their website. If unsure, call the company directly and ask whether the email is legitimate.
- Offer money, a reward or a gift to entice you to hand over your personal details.
- Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place.
Telstra offers a feedback and complaints service where you can report email or phone scams in which Telstra is being impersonated.
MailGuard has also reported on a National Australia Bank survey scam. If you bank with it, read more here.