Telstra Customers Targeted by Scammers with Urgent ‘Service Interruption’ Alert

A fraudulent phishing email, designed to steal sensitive credentials including credit card details, has landed in inboxes purporting to be from Telstra.  The email alerts users that their last bill payment has been declined and that they are at risk of having their phone or internet services disrupted. As a large company with a trusted brand and millions of customers, Telstra is a popular target for threat actors hawking phishing scams of this kind. Details harvested from a scam of this nature may be used in subsequent criminal activity such as for fraudulent payments or sold on the dark web to other cybercriminal groups. Users must remain vigilant.  

Here’s what the email looks like:  

As you can see from the screenshot above, scammers have copied the branding and design of a legitimate Telstra alert, including an accurate depiction of the well-known logo. Upon closer inspection of the body of the email, however, many grammatical errors can be found, such as ‘scHeduled’ and ‘inFormation’ alluding to the scamming nature of the email.  

If users click on the blue ‘Click here’ button in order to update their billing information, they are taken to the first phishing page below which asks for their Telstra login details. The added elements of Telstra branding closely resemble an actual customer login page.  

After criminals have harvested these login credentials, victims are then taken to the next page below, which encourages them to provide the credit card details associated with their Telstra billing.  

The next step of the scam advises users that an SMS has been sent to their mobile phone in which a verification code is provided. However, this is likely to be an attempted charge on the credit card.

Once the code is entered, customers are advised that their ‘invoice has been paid successfully’ and are redirected to a legitimate Telstra website page.  

Although the email is relatively simple in its execution, the phishing pages share a likeness to legitimate Telstra pages, which means that there is a likelihood that vulnerable customers may fall prey to the scam, simply due to their familiarity with the Telstra brand and the urgent need to ensure that telephone and internet services remain operational.   

Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or email scams. In this instance, the email does not originate from an authentic Telstra email domain.   

Here’s the advice from Telstra (https://www.telstra.com.au/help/contact-us/scams) about email scams:  

“What to look out for:  

• Unaddressed or generically addressed emails, such as “Dear Customer”.  

• Badly written emails with broken sentences, spelling mistakes, grammatical errors, and words in a foreign language.  
• Suspicious-looking URLs or ones that don’t directly point back to the Telstra website.  
• Emails that include a zip file, an .exe, or other suspicious attachments.  
• Emails that display account information that doesn't match your Telstra account details. You can refer to Telstra 24x7 My Account for accurate account information.  
• Requests for your credit card, passwords, account details, or personal information either by replying to the email or by asking you to ‘click a link' and fill in a web form.  

 What to do next:  

• Avoid opening suspicious or unsolicited emails – delete them directly from your inbox.  
• If you get a suspicious email, don't reply to the email or open the links. If you accidentally click on a link that opens a website, don't enter any information onto the website.  
• Avoid opening email attachments. If you've already saved or clicked on an attachment, make sure that your computer’s operating system and anti-virus software is up to date. Consider running an anti-virus scan of your computer.  
• Tell us about the scam by submitting a Report Misuse of Service form and include as much detail as you can. Our Cyber Security team will investigate the report and may be in touch if they have additional questions.  

• If you have provided your information to something you believe is a scam, please visit: What to do if you’ve become a victim of cybercrime”  

 MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your financial well-being.    

MailGuard urges users not to click links or open attachments within emails that:     

• Are not addressed to you by name.     
• Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.    
• Are from businesses that you were not expecting to hear from, and/or    
• Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.     

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.