Akankasha Dewan 24 January 2020 13:28:42 AEDT 3 MIN READ

Phishing email claims to deliver ‘your Qantas Travel Money load receipt’

It might sound exciting to receive an email announcing an unexpected inflow of Qantas Travel Money, but don’t be too quick to follow its instructions – your surprise might just turn into a bit of a shock.

MailGuard intercepted a phishing email scam spoofing the airline carrier earlier this morning (AEST).

Purporting to come from Qantas Support Team, the email is titled ‘Don’t let 1,000,000 bonus Qantas points get away’. The email body informs recipients that their Qantas Travel Money ‘load has been successful’ and these new funds ‘are now available to spend at millions of Mastercard locations worldwide’. A link is provided for their recipient to view their ‘Qantas Travel Money load receipt’.

Here is a screenshot of the email:

Qantas 24_01 edited


Unsuspecting recipients who click on the link are led to a fake Qantas-branded login page which asks for their Frequent Flyer login details like ‘membership number’, ‘last name’ and ‘pin’. This is actually a phishing page. Here is a screenshot of the page below:

Qantas 2401_1

Upon ‘logging in’, users are asked to ‘verify’ their identity, and are required to input personal details like their mother’s maiden name, date of birth, and their postcode, as per the below:

Qantas 2401_1

Clicking ‘verify’ finally redirects the user to the real Qantas travel money webpage.

Multiple techniques have been employed by cybercriminals to boost the legitimacy of both the email and its following phishing pages. This includes the incorporation of the Qantas Frequent Flyer branding & logo in the email and also on the phishing pages. The use of the verification page ‘to protect your account’ serves to further boost the legitimacy of the email  as these are official elements expected to be present from a well-established brand like Qantas.

Saying that however, multiple red flags exist in this scam that should alert any eagle-eyed recipients. One notable example of this is that the Qantas Frequent Flyer page is hosted on a domain called ‘Qantos’. Spacing and grammatical issues on the email are also good indicators of its unauthenticity. 

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. If you see an email from Qantas, please exercise caution and make sure it is a legitimate communication before you open it. Please share this alert with your social media network to help us make the people aware of the threat.

What to do if you receive a suspicious email

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Stop email fraud

Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.

For a few dollars per month, you can protect your inbox with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your email secure: click here.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates