The latest phishing scam being intercepted by MailGuard targets Telstra customers with a hopeful ‘Your new refund’ message designed to lure unsuspecting victims into providing scammers with sensitive information, including login and credit card information. Cybercriminals are aware that it is nearing the end of the year and the holiday season, when finances naturally tighten, and have taken the opportunity to target vulnerable customers who would be delighted to receive a refund. Because Telstra is a trusted name and a telecommunications service provider for over 18 million customers, there is a high chance that victims will not think twice before complying with the scammer's request.
As displayed in the screenshot below, the email purports to be from ‘Telstra’ with the subject line ‘Your new refund bill No: [Bill Number]’. Mimicking Telstra branding, most notably the company's familiar colours, the scammers advise the recipient that the latest balance of their account has been paid twice due to a system error and that the amount will be refunded to their credit card within 3 days if they follow the link ‘Refund the amount’. The victim is given easy instructions for what seems like a win-win situation.
Here’s what the email looks like:
After clicking on the link in the email, victims are taken to what appears to be a Telstra login page, which requests their username and password.
Once users have supposedly ‘signed in’ to their Telstra account, they are taken to the following page, which asks for their credit card details. Note that once these details are submitted, the scammers have harvested them for use in follow-on criminal activity.
Submitting credit card details can have severe consequences, including identity fraud and financial loss. It is imperative that customers are vigilant before sharing these details.
Once the victim ‘Confirms’ their credit card information, they are taken to the following page, which asks them to enter a ‘one-time’ code that has been sent to their mobile phone. This step seems to be quite common in billing scams such as these. It is a technique used by scammers to gain the trust of the victim and feign authenticity.
Once entered, the credit card may be charged, and then the customer is shown the following ‘Your invoice has been paid successfully’ page and is redirected to a legitimate Telstra website page.