Very large Telstra Bill and go via email scams hitting inboxes

Posted by Daniel McShanag on 25 September 2017 12:51:14 AEST

Two very large phishing campaigns are landing in business inboxes this morning. First stopped by MailGuard just before 9:00AM AEST, the scams are impersonating Telstra and Brisbane eToll operator go via.

The Telstra scam was first blocked at 8:45AM AEST, with a subject of ‘Telstra Bill – Arrival Notification,’ the email is a notification from the ‘Telstra Online Services Team’ alerting customers to the arrival of their bill and providing a malicious link to ‘View Bill.’

Telstra Bill - Arrival Notification - Mozilla Thunderbird_144.png

The email is plain text, with no Telstra branding, however it is otherwise well formatted and authentic in appearance, and the sender email could be easily mistaken for the real thing at telstraemailbill_noreply(at)telstra(dot)enterprisebusinesscenter(dot)com (altered).

Cheekily, the email also includes a note advising customers that ‘Telstra will never ask you to provide credit card, or banking details via email.’ With a further link to ‘To find out more about the measures that we are taking to protect telstra.com members from email fraud, please go to http://www(dot)telstra(dot)com/phishing’ (altered).

The sending domain ‘enterprisebusinesscenter(dot)com’ was registered yesterday with a registrar in China. The link in the email goes to a compromised SharePoint hosting a Telstra Bill.zip file with a malicious JavaScript file.

Opening Telstra Bill.zip_145.png

The second scam was blocked only seconds before the Telstra Bill scam and impersonates Queensland eToll operator go via. Go via were the subject of a similar scam two weeks ago, along with several other attacks earlier in the year.  

The go via scam is well formatted, carrying authentic appearing branding and coming from a display name of ‘go via’ with a legitimate looking sending email address of ‘<do_not_reply(at)govia(dot)cwebu(dot)com’ (altered) advising customers that their ‘tax invoice statement is now available for download.’

govia.png

As with the Telstra email bill scam, in this case the ‘cwebu(dot)com’ domain was also registered yesterday in China, and the link goes to another compromised SharePoint site with a .zip file containing a malicious ‘Monthly invoice.js’ JavaScript file.  

Monthly invoice.zip _147.png

MailGuard urges email users to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: Malware email scam Cybersecurity Telstra cybercrime Survivingcybercrime cybercrime statistics hoax email brandjacking Australian brands

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all