Gabi Power 21 July 2022 16:18:10 AEST 8 MIN READ

Telstra Mimicked Again in New Phishing Scam

Update: Due to their large customer base, Telstra are frequently targets of impersonation. If this email differs from the one you've received, you may want to check out the most recent one from August 2022. We have also shared other Telstra scams from March and May 2022. 

Telstra customers are being targeted once again in a new phishing scam which is landing in inboxes with the subject line “Telstra – Learn more about your account .” Telstra are frequently spoofed by scammers because of their large customer base and trusted name, like in these scams that we reported on earlier this year in March and May. If your business email is not secured with MailGuard, make sure to read on so that you don’t fall victim to this one.

The sender address shows “Service (No-reply)”, however the email comes from “service(at)servwork(dot)net”. The email has minimal branding, aside from the Telstra logo, and it begins with a generic “Hello”, before explaining that they have been “unable to process the payment of the last owing bill”. In order to fix that problem, the recipient is instructed that they must update the credit card on their account by clicking the hyperlinked text which says, “Open My Telstra”.

Here's what the email looks like:

Telstra - Learn more about your account . - Mozilla Thunderbird_943


After clicking the linked text, the user is taken to a ‘Sign in’ page which is craftily designed to replicate the one Telstra currently uses, however, you’ll notice the website is hosted on a domain called “hostenko(dot)net” which is a tell-tale sign that this is a phishing site.

The user is asked to enter their username and password before pressing ‘Sign in’

Login - My Account - Telstra — Mozilla Firefox_944


After proceeding, the user is instructed to enter their credit card details, including:

  • Name on card
  • Card number
  • Expiration date
  • CCV

This page retains much of the Telstra branding to make it feel more authentic.

Login - My Account - Telstra — Mozilla Firefox_945

Next, the user is instructed to enter their unique one-time code which has been sent to their mobile. Although their credit card details would already have been harvested from the last page, our team assumes that this would be used in an attempt to charge their card.

Telstra — Mozilla Firefox_946

Once the code has been entered, the victim is shown a screen which states, “your invoice has been paid successfully” and they are then redirected to the legitimate Telstra homepage.

Telstra — Mozilla Firefox_947

Telstra offers the following suggestions if you have received an email mimicking them:

  • Avoid opening suspicious or unsolicited emails – delete them directly from your inbox.
  • If you get a suspicious email, don't reply to the email or open the links. If you accidentally click on a link which opens a website, don't enter any information onto the website.
  • Avoid opening email attachments. If you've already saved or clicked on an attachment, make sure that your computer’s operating system and anti-virus software is up to date. Consider running an anti-virus scan of your computer.
  • Tell us about the scam by submitting a Report Misuse of Service form and include as much detail as you can. Our Cyber Security team will investigate the report and may be in touch if they have additional questions.
  • If you have provided your information to something you believe is a scam, please visit: What to do if you’ve become a victim of cybercrime

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.    

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.       
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates