Telstra email scams are a regular occurrence in Australian inboxes. A new phishing email began circulating on Thursday that is extremely similar to other recent variations.
As we saw in previous attacks, the email and landing pages used in this scam are almost identical to the legitimate Telstra website, which makes the scam extremely difficult for recipients to spot.
Here is a sample of the recent phishing email:
In this attack the cybercriminals promise a refund to Telstra customers who have supposedly overpaid their bill. This was a small phishing run; if it succeeds, it is likely to be the precursor to a larger-scale attack.
MailGuard have identified and blocked this new variation of the phishing scam impersonating the telco giant Telstra. As in earlier runs, the email appears to be signed by Telstra executive Gerd Schenkel, Executive Director, Digital Sales and Service.
The email is not personally addressed to the recipient; instead it addresses them as ‘Customer,’ which is one of the first signs of a scam.
The email also carries a From address at online.telstra.com, a domain Telstra uses legitimately but which, at the time of writing, does not publish an SPF record. Without one, a receiving mail server has no published policy to check the sending server against, so a forged message claiming to be from this domain is not rejected on SPF grounds. Cybercriminals keep taking advantage of this, as the repeated campaigns show.
An SPF (Sender Policy Framework) record is a DNS (Domain Name System) TXT record that lists which mail servers are allowed to send email on behalf of your domain. A receiving server can use it to reject mail that arrives from anywhere else, which is how it stops cybercriminals forging your domain, as they have in this instance. One caveat: SPF by itself checks the envelope sender (the Return-Path), not the From address the reader sees, so it should be published together with DKIM and a DMARC policy to protect the visible From address as well.
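To make the SPF point concrete, here is an added example (not MailGuard’s code and not part of the original post) of how a receiving server evaluates SPF for a connecting IP address. It runs against constructed, inline TXT data rather than live DNS: online.telstra.com is shown with no record, as described above, and example.net is a made-up domain with a properly configured policy. Only the ip4, ip6, include and all mechanisms are implemented.

```python
"""Minimal SPF evaluator over constructed DNS data (added example).

Shows why a sender domain with no SPF record gives a receiving server nothing
to reject on, and what a record ending in "-all" changes for the same spoofed
connection.  All TXT data below is constructed for illustration.
"""
import ipaddress

# Stand-in for a live DNS TXT lookup so the example runs offline.  Not real
# DNS data: online.telstra.com is listed with no record (as the article
# describes); example.net and its include are made-up domains.
CONSTRUCTED_TXT = {
    "online.telstra.com": [],
    "example.net": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mail.example.net -all"],
    "_spf.mail.example.net": ["v=spf1 ip4:198.51.100.25 ip6:2001:db8::/32 -all"],
}

# Qualifier prefixes and the result each one produces when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, txt=CONSTRUCTED_TXT):
    """Return the domain's single v=spf1 record, or None if it publishes none."""
    records = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(records) > 1:            # RFC 7208 s4.5: more than one record is an error
        raise ValueError("multiple SPF records for %s" % domain)
    return records[0] if records else None


def check_host(ip, domain, txt=CONSTRUCTED_TXT, depth=0):
    """Evaluate sending IP `ip` against `domain`'s SPF policy.

    Returns one of: none, pass, fail, softfail, neutral.  Mechanisms a, mx,
    exists and macros are deliberately left out to keep the example short.
    """
    if depth > 10:                  # RFC 7208 caps DNS-querying mechanisms at 10
        raise ValueError("too many include lookups")
    record = lookup_spf(domain, txt)
    if record is None:
        return "none"               # nothing published: no basis to reject on SPF
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            # include: matches only when the referenced policy returns "pass"
            matched = check_host(ip, arg, txt, depth + 1) == "pass"
        else:
            continue                # unsupported mechanism in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                # record exhausted with no match (RFC 7208 s4.7)


if __name__ == "__main__":
    spoofer = "192.0.2.77"          # constructed attacker IP (documentation range)
    for sender_domain in ("online.telstra.com", "example.net"):
        print(sender_domain, spoofer, "->", check_host(spoofer, sender_domain))
    print("example.net", "198.51.100.25", "->", check_host("198.51.100.25", "example.net"))
```

The difference between the two verdicts is the whole story: ‘none’ gives the receiver nothing to act on, while a record ending in ‘-all’ turns the same spoofed connection into a hard fail that the receiver can bounce or quarantine. A production evaluator also has to handle the a, mx and exists mechanisms, macros, redirect modifiers and the lookup limit.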
Clicking ‘Log in to My Account’ takes the recipient to a fake Telstra ‘My Account’ landing page that looks like a legitimate Telstra site. The links on it all work, and at this point the URL is the only clue that this is a phishing site.
As can be seen, the URL contains the word ‘testra’. This is not a Telstra-owned domain, but it is close enough to a legitimate Telstra domain to confuse victims.
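A simple automated version of the URL check described above, added here as an example and not part of the original post: it extracts the registrable domain from a URL and compares it with a short list of brand domains using edit distance, so that a near-miss such as ‘testra’ is flagged. It also catches the other common trick of putting the brand name in a subdomain of an attacker-owned domain. The brand list, the suffix table and the sample URLs are all constructed for illustration; a production check would load the full Public Suffix List.

```python
"""Lookalike-domain check for phishing URLs (added example)."""
from urllib.parse import urlsplit

# Constructed list of domains the brand genuinely uses (illustrative, not an
# official Telstra list).  A list rather than a set keeps tie-breaking stable.
BRAND_DOMAINS = ["telstra.com", "telstra.com.au"]

# Minimal stand-in for the Public Suffix List so that "x.com.au" is treated as
# one registrable domain.  A real deployment would load the full list.
TWO_LEVEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.uk"}


def registrable_domain(hostname):
    """Return the registrable part of a hostname, e.g. my.testra.com -> testra.com."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance via the usual two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, brands=BRAND_DOMAINS, max_distance=2):
    """Classify a URL's domain relative to the brand domains.

    Returns (verdict, registrable_domain, closest_brand) where verdict is one
    of 'legitimate', 'brand-in-subdomain', 'lookalike' or 'unrelated'.
    """
    hostname = (urlsplit(url).hostname or "").lower()
    domain = registrable_domain(hostname)
    if domain in brands:
        return ("legitimate", domain, domain)
    brand_labels = {b.split(".")[0] for b in brands}
    # e.g. telstra.com.au.secure-billing.example: the brand name is only a
    # subdomain label and the registrable domain belongs to someone else.
    if brand_labels & set(hostname.split(".")):
        return ("brand-in-subdomain", domain, None)
    # Compare the second-level label (e.g. "testra") with each brand's.
    sld = domain.split(".")[0]
    closest = min(brands, key=lambda b: edit_distance(sld, b.split(".")[0]))
    if edit_distance(sld, closest.split(".")[0]) <= max_distance:
        return ("lookalike", domain, closest)
    return ("unrelated", domain, None)


if __name__ == "__main__":
    # Constructed sample URLs; none of them is taken from the actual campaign.
    for sample in ("https://www.telstra.com.au/myaccount",
                   "http://my.testra.com/login",
                   "https://te1stra.com.au/refund",
                   "https://telstra.com.au.secure-billing.example/",
                   "https://www.example.org/"):
        print(sample, "->", classify_url(sample))
```

A check like this belongs in a mail gateway or a browser-side link scanner, where a ‘lookalike’ or ‘brand-in-subdomain’ verdict is reason enough to hold the message or warn the user; the edit-distance threshold of 2 is a starting point and should be tuned against your own false-positive rate.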
The first page requires the username and password of the user’s Telstra account. Clicking ‘Log In’ takes the user to the second phishing page:
The details harvested by a phishing site like this give cybercriminals access to the victim’s bank accounts and enough personal information to commit identity theft.
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Appear to be from a well-known organisation, typically a bank or service provider, but are not addressed to you by name, and may include poor grammar.
- Ask you to click on a link within the email body in order to access their website. If unsure, call the company directly and ask whether the email is legitimate.
- Offer money, reward or gift to entice you to hand over your personal details
- Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place
Forward any suspicious emails to your IT and security teams to assess on your behalf. Telstra also offer a feedback and complaints service where you can report email or phone scams in which Telstra is being impersonated.
We recommend that you share these tips with your staff to make them aware of these campaigns. By employing a cloud-based email and web filtering solution like MailGuard, you’ll also reduce the risk of new variants of these phishing emails entering your network in the first place.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.