MailGuard, 14 July 2021 14:49:07 AEST

Telstra phishing email scam – “Your contract has been cancelled”

In the latest email phishing campaign landing in inboxes, cybercriminals are impersonating the telecommunications carrier Telstra in an attempt to trick users into handing over sensitive credentials.

With a subject line that reads ‘Telstra – 2021: Your contract has been cancelled’ and ‘Support’ as the sender display name, the email itself is otherwise a relatively unremarkable plain-text message informing recipients that “We were unable to process your latest bill”, with a link to “...retry your payment.”

[Image: the phishing email (Telstra-Email-ofs-01)]

The phishing page is more credible. Built with Telstra branding elements, it is a close replica of a legitimate Telstra login page, encouraging users to ‘Sign in to My Account with your Telstra ID’ and capturing the username and password they enter.

[Image: the fake sign-in page (Telstra-phish-1-01)]

As with the sign-in page, the subsequent page is also a close replica of a normal Telstra payments page. It requests that the user submit their ‘Credit Card Details’ and is designed to capture the name on the card, the card number, the expiry date and the CCV.

[Image: the fake payment page (Telstra-phish-2-01)]

The final page tells users that an SMS message with a one-time verification code has been sent to their mobile phone. If the page also collects that code, the attackers obtain a one-time verification code on top of the static credentials already harvested.

[Image: the fake SMS verification page (Telstra-phish-3-01)]


This campaign is designed to harvest sensitive user credentials, namely the username and password, along with credit card details. These may be used in subsequent scams, for fraudulent payments, or sold on the dark web to other cybercriminal groups.

While the emails claim to be from ‘Support’, they appear to have been sent from a compromised website in Germany, and the phishing pages are hosted on a DynDNS domain with Namecheap hosting.

Although the email is relatively simple in its execution, the phishing pages are a good likeness, and a number of customers are likely to fall prey to the scam simply because of their familiarity with the Telstra brand and the importance of keeping telephone and internet services paid for and operational.

Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or email scams. The display name is free text chosen by the sender, so look at the actual address and its domain: in this instance, the email does not originate from an authentic Telstra email domain. Here’s the advice from Telstra (https://www.telstra.com.au/help/contact-us/scams) with regard to email scams:

“What to look out for:

  • Unaddressed or generically addressed emails, such as “Dear Customer”.
  • Badly written emails with broken sentences, spelling mistakes, grammatical errors and words in a foreign language.
  • Suspicious looking URLs or ones that don’t directly point back to the Telstra website.
  • Emails that include a zip file, an .exe or other suspicious attachment.
  • Emails that display account information that doesn't match your Telstra account details. You can refer to Telstra 24x7 My Account for accurate account information.
  • Requests for your credit card, passwords, account details or personal information either by replying to the email, or by asking you to ‘click a link’ and fill in a web form.


What to do next:

  • Avoid opening suspicious or unsolicited emails – delete them directly from your inbox.
  • If you get a suspicious email, don't reply to the email or open the links. If you accidentally click on a link which opens a website, don't enter any information onto the website.
  • Avoid opening email attachments. If you've already saved or clicked on an attachment, make sure that your computer’s operating system and anti-virus software are up to date. Consider running an anti-virus scan of your computer.
  • Tell us about the scam by submitting a Report Misuse of Service form and include as much detail as you can. Our Cyber Security team will investigate the report and may be in touch if they have additional questions.
  • If you have provided your information to something you believe is a scam, please visit: What to do if you’ve become a victim of cybercrime”
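One way to automate the sender-details check described above, as an added example that is not part of the MailGuard post or of Telstra's guidance: it parses a constructed message shaped like the one in this campaign (the sender host, the link host and the Authentication-Results header are placeholders under the reserved .example namespace), separates the ‘Support’ display name from the real address domain, checks that domain and every link host against an assumed list of legitimate Telstra domains, and looks for a DKIM pass recorded by the receiving mail server. The legitimate-domain list and the `.example` hostnames are assumptions; a real deployment would maintain its own list and read the authentication results written by its own gateway.

```python
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed sample message, not the real campaign email. The sender host
# and the link host are placeholders under the reserved .example TLD
# (assumption), chosen to mimic the shape described in the post.
RAW_EMAIL = b"""\
Return-Path: <www-data@compromised-site.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=compromised-site.example; dkim=none
From: Support <www-data@compromised-site.example>
To: customer@example.com
Subject: Telstra - 2021: Your contract has been cancelled
Content-Type: text/plain; charset=utf-8

We were unable to process your latest bill.
Please retry your payment: https://telstra-billing.dyndns.example/retry
"""

# A clean message for comparison; likewise constructed, with a DKIM pass
# and a link to the brand's own domain.
RAW_LEGIT_EMAIL = b"""\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=telstra.com; dkim=pass header.d=telstra.com
From: Telstra <noreply@telstra.com>
To: customer@example.com
Subject: Your Telstra bill is ready
Content-Type: text/plain; charset=utf-8

Your bill is available at https://www.telstra.com.au/my-account
"""

BRAND = "telstra"
# Domains the brand legitimately sends from and links to (assumption for
# this example; an organisation would maintain this list itself).
BRAND_DOMAINS = ("telstra.com", "telstra.com.au")

URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def is_brand_domain(host: str) -> bool:
    """True if host is a brand domain or a subdomain of one (suffix match on
    a dot boundary, so telstra.com.au.evil.example does not pass)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def analyze(raw: bytes) -> dict:
    """Parse one raw RFC 5322 message and return the sender details plus a
    list of findings; 'suspicious' is True when any finding fired."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)

    # With policy.default the From header is parsed into Address objects,
    # so the free-text display name and the real addr-spec come apart.
    sender = msg["From"].addresses[0]
    display_name = sender.display_name
    sender_domain = sender.domain.lower()

    subject = str(msg["Subject"] or "")
    body = msg.get_body(preferencelist=("plain",)).get_content()
    links = URL_RE.findall(body)
    auth = str(msg.get("Authentication-Results", ""))

    brand_mentioned = BRAND in subject.lower() or BRAND in body.lower()
    findings = []

    # The brand is named but the message was not sent from a brand domain.
    if brand_mentioned and not is_brand_domain(sender_domain):
        findings.append(f"brand named but sender domain is {sender_domain}")

    # The display name claims the brand while the address does not.
    if BRAND in display_name.lower() and not is_brand_domain(sender_domain):
        findings.append("display name impersonates the brand")

    # Links that point away from the brand's own sites.
    off_brand_links = [
        u for u in links if not is_brand_domain(urlparse(u).hostname or "")
    ]
    if brand_mentioned and off_brand_links:
        findings.append(f"links leave the brand domain: {off_brand_links}")

    # No DKIM pass recorded by the receiving MTA.
    if "dkim=pass" not in auth:
        findings.append("no DKIM pass recorded by the receiving MTA")

    return {
        "display_name": display_name,
        "sender_domain": sender_domain,
        "links": links,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for name, raw in (("phish", RAW_EMAIL), ("legit", RAW_LEGIT_EMAIL)):
        result = analyze(raw)
        print(name, "suspicious" if result["suspicious"] else "clean")
        for finding in result["findings"]:
            print("  -", finding)
```

The constructed phishing message trips three checks (off-brand sender domain, off-brand link host, no DKIM pass) while the constructed legitimate message trips none. Note that the display name ‘Support’ on its own fires nothing, which is exactly why the check has to look at the address and its domain rather than the name shown by the mail client.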


Cybercriminals frequently exploit large companies and trusted brands like Telstra in their scams, because a good reputation lulls victims into a false sense of security. Because of its large customer base, Telstra is a regular target of this kind of brand impersonation.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network.
