A fraudulent email purporting to be from Telstra is landing in inboxes, putting the company’s 18 million customers at risk.
The phishing scam, which impersonates Telstra and was intercepted by MailGuard, aims to lure unsuspecting victims into handing over crucial details in response to a purported cancellation of their service. Under the subject heading ‘Re: FWD: Please update Your Payment Method’, the user is met with a Telstra-branded email advising them that their last bill payment was declined and that a ‘service interruption’ will follow if it is not rectified. Loaded words such as ‘termination’ and ‘service interruption’ are included to incite urgency. The sender’s name is a misspelling of Telstra, and the sender’s email address belongs to an account powered by Freshdesk, a cloud-based help desk service. These are all initial red flags hinting at the criminal nature of the email.
Here’s what the email looks like:
When the user clicks on the blue ‘Check Information’ button, they are taken to the page below, asking them to ‘Sign into My Account with your Telstra ID’ login credentials.
After the user has ‘signed in’ and criminals have harvested their credentials, the unsuspecting victim is taken to the following phishing page, which asks for the credit card details associated with the account.
Once again, scammers imitate a legitimate Telstra page. When the victim enters these details, and clicks on the green ‘Confirm’ button, they are asked for SMS verification, before being redirected to a real Telstra homepage once a code is provided. False identity verification using this technique is often used by cybercriminals to trick victims into believing that extra security measures are protecting their details, imitating a process that is commonly used by service providers when verifying payment information.
This campaign is designed to capture and harvest sensitive user credentials such as usernames and passwords, along with credit card details, which may then be used in subsequent criminal activity such as fraudulent payments, or sold on the dark web to other cybercriminal groups.
Although the email is relatively simple in its execution, the phishing pages share a likeness to legitimate Telstra pages, which means there is a real likelihood that vulnerable customers may fall prey to the scam, simply due to their familiarity with the Telstra brand and the urgent need to ensure that their telephone and internet services remain operational.
Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or email scams. In this instance, the email does not originate from an authentic Telstra email domain.
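The two red flags called out above, a display name that misspells the brand and a sender address on a domain the brand does not send from, can be checked automatically at the mail gateway or in a triage script. The following is an added example written for this post; it is not MailGuard's or Telstra's code. The allowlist of legitimate sender domains is an assumption (only telstra.com.au appears on this page; substitute your own verified list), the sample message is constructed to resemble the campaign rather than being a real capture, and the similarity threshold is an arbitrary tuning value.

```python
import email
import re
from difflib import SequenceMatcher
from email import policy
from email.utils import parseaddr

# Assumption: domains the brand genuinely sends from. Replace with your own
# verified allowlist; only telstra.com.au is mentioned on the page.
LEGITIMATE_SENDER_DOMAINS = {"telstra.com.au", "telstra.com"}
BRAND = "telstra"

# Constructed sample message modelled on the campaign described above.
# The sender domain is a reserved .invalid placeholder, not a real address.
SAMPLE_EMAIL = """\
From: Telsta Customer Care <billing@helpdesk-example.invalid>
Reply-To: billing@helpdesk-example.invalid
Subject: Re: FWD: Please update Your Payment Method
Date: Mon, 01 Jan 2024 09:00:00 +1000

Your last bill payment was declined. To avoid service interruption,
click Check Information and update your payment method.
"""


def sender_domain(address):
    """Return the lowercase domain part of an email address, or '' if none."""
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].strip().lower()


def domain_is_legitimate(domain, allowlist=LEGITIMATE_SENDER_DOMAINS):
    """True when the domain is an allowlisted domain or a subdomain of one."""
    return domain in allowlist or domain.endswith(tuple("." + d for d in allowlist))


def looks_like_brand(display_name, brand=BRAND, threshold=0.8):
    """True when any word of the display name is a near-miss spelling of the brand.

    'Telsta' or 'Telstraa' match; unrelated words such as 'Customer' do not.
    The threshold is an assumed tuning value, not something from the page.
    """
    for word in re.findall(r"[A-Za-z]+", display_name):
        if SequenceMatcher(None, word.lower(), brand).ratio() >= threshold:
            return True
    return False


def assess_sender(raw_message):
    """Parse the From: header and report the sender red flags this post describes."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    domain = sender_domain(address)
    brand_in_name = looks_like_brand(display_name)
    domain_ok = domain_is_legitimate(domain)
    return {
        "display_name": display_name,
        "domain": domain,
        "brand_in_display_name": brand_in_name,
        "domain_legitimate": domain_ok,
        # Brand in the display name but mail from an unrelated domain is the
        # impersonation pattern worth quarantining or flagging for review.
        "suspicious": brand_in_name and not domain_ok,
    }


if __name__ == "__main__":
    for key, value in assess_sender(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

The check deliberately keys on the combination of the two signals: a genuine Telstra notification passes because its domain is allowlisted, and an unrelated sender with no brand in the display name is left alone. In a gateway this would sit alongside SPF, DKIM and DMARC evaluation rather than replace them, since a lookalike display name is what the recipient sees even when authentication results are hidden.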
Here’s the advice from Telstra (https://www.telstra.com.au/help/contact-us/scams) regarding email scams:
“What to look out for:
What to do next:
MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.