MailGuard 18 November 2021 13:26:24 AEDT 9 MIN READ

Scammers Lure Telstra Customers with 'Your new refund' Phishing Email In Time For the Holidays

The latest phishing scam being intercepted by MailGuard is targeting Telstra customers with a hopeful, ‘Your new refund’ message aimed to lure unsuspecting victims into providing scammers with sensitive information, including login and credit card information. Cybercriminals are aware that it is nearing the end of the year and holiday season, where there is a natural tightening of finances, and have taken the opportunity to mark vulnerable customers who would be delighted with receiving a refund. As a trusted name and telecommunications service provider for over 18 million customers, there is a high chance that victims will not think twice before continuing with the scammer's request.

As displayed in the screenshot below, the email purports to be from ‘Telstra’ with the subject titled, ‘Your new refund bill No: [Bill Number]’. Mimicking Telstra branding, and most importantly the familiar colouring that the company uses, scammers advise the recipient that the latest balance of their account has been paid twice due to a system error and that the amount will be refunded to their credit card within 3 days if they follow the link ‘Refund the amount’. Easy instructions are provided to the victim to what seems like a win-win situation.  

Here’s what the email looks like:  

ProperYour new refund bil N° - 56889833221 - Mozilla Thunderbird_719[58]

After clicking on the link in the email, victims are then taken to a Telstra login page, requesting for their username and password.

Login - My Account - Telstra — Mozilla Firefox_642-1

Once users have supposedly ‘signed in’ to their Telstra account, they are taken to the following page, which asks for their credit card details. Note, that after submitting these details, scammers have harvested these credentials for use in follow-on criminal activity.

Login - My Account - Telstra — Mozilla Firefox_726-1

Submitting credit card details can lead to a severe negative impact, resulting in identity fraud and financial loss. It is imperative that customers are vigilant before sharing these details.

Once the victim ‘Confirms’ their credit card information, they are taken to the following page, which seems to be quite common in billing scams such as these, asking for a ‘one-time’ code to be entered that has been sent to your mobile phone. This is a technique used by scammers to gain the trust of the victim and feign authenticity.

Telstra — Mozilla Firefox_724

Once entered, the credit card may be charged, and then the customer is shown the following ‘Your invoice has been paid successfully’ page and is redirected to a legitimate Telstra website page.

Telstra — Mozilla Firefox_725

This campaign is designed to capture and harvest sensitive user credentials like usernames and passwords, along with credit card details, which may then be used in subsequent criminal activity such as for fraudulent payments or sold on the dark web to other cybercriminal groups.  

Although the email is relatively simple in its execution, the phishing pages share a likeness to legitimate Telstra pages, which means that there is a likelihood that vulnerable customers may fall prey to the scam, simply due to their familiarity with the Telstra brand.

Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or email scams. In this instance, the email does not originate from an authentic Telstra email domain.  

Here’s the advice from Telstra (https://www.telstra.com.au/help/contact-us/scams) with regard to email scams: 

“What to look out for: 

  • Unaddressed or generically addressed emails, such as “Dear Customer”. 
  • Badly written emails with broken sentences, spelling mistakes, grammatical errors and words in a foreign language. 
  • Suspicious-looking URLs or ones that don’t directly point back to the Telstra website. 
  • Emails that include a zip file, an .exe or other suspicious attachment. 
  • Emails that display account information that doesn't match your Telstra account details. You can refer to Telstra 24x7 My Account for accurate account information. 
  • Requests for your credit card, passwords, account details or personal information either by replying to the email, or by asking you to ‘click a link’ and fill in a web form. 

 

What to do next: 

  • Avoid opening suspicious or unsolicited emails – delete them directly from your inbox. 
  • If you get a suspicious email, don't reply to the email or open the links. If you accidentally click on a link that opens a website, don't enter any information onto the website. 
  • Avoid opening email attachments. If you've already saved or clicked on an attachment, make sure that your computer’s operating system and anti-virus software is up to date. Consider running an anti-virus scan of your computer. 
  • Tell us about the scam by submitting a Report Misuse of Service form and include as much detail as you can. Our Cyber Security team will investigate the report and may be in touch if they have additional questions. 
  • If you have provided your information to something you believe is a scam, please visit: What to do if you’ve become a victim of cybercrime” 

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your financial well-being.   

MailGuard urges users not to click links or open attachments within emails that:    

  • Are not addressed to you by name.    
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.    
  • Are from businesses that you were not expecting to hear from, and/or    
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.    

One email is all that it takes    

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.    

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes. 

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates