Cybercriminals brandjack both Telstra and DocuSign; circulate email scam

Posted by Akankasha Dewan on 23 January 2019 10:31:56 AEDT

MailGuard has detected a new email-based cyber-attack using Telstra branding is hitting Australian inboxes.

Interestingly, cybercriminals have gone a step further and impersonated another well-established company, DocuSign, within the same email. This is done in a bid to boost the legitimacy of the email and convince users to click on the links embedded within it.

Using a display name of a Telstra Business Centre user via Docusign, the message actually comes from multiple compromised accounts.

The message body advises the recipient that someone from Telstra has sent them a document to review and sign. It claims that a user from a Telstra Business Centre branch is the sender of the document, with their name used in multiple locations including the message body.

Here is the screenshot of the email:

DOcusign, Telstra scam

MailGuard understands that unsuspecting recipients who click on the link to ‘review document’ may initiate a malicious file download designed to infect the recipients’ computer.

As mentioned above, the inclusion of both Telstra and DocuSign logos and branding within the email makes it harder for recipients to identify the email as a scam as it appears as a legitimate notification. In such cases, users are reminded of the importance of not accepting/clicking on documents from unknown senders, despite the organisation they purport to be from. All attachments/links should only be accessed when users are certain about the credibility of their owners.

Telstra, by its large database and established brand credibility, is an ideal company to spoof by cybercriminals as it widens their victim pool.

Telstra Takes Security Seriously

Telstra has been targeted by brandjacking before, and they caution their customers to verify Telstra emails are authentic. On their support page they advise:

Hoax emails may:
- Be unaddressed, or addressed generically to Dear Customer
- Be badly written with broken sentences, spelling mistakes and grammatical errors
- Show a sender address that is very close to the real company's address
- Display a suspicious looking URL when you hover over links or buttons you're asked to click
- Contain an unexpected zip file or other attachment

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity Telstra cybercrime DocuSign

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all