Akankasha Dewan 17 September 2019 11:28:56 AEST 3 MIN READ

Warning: Think twice before you pay this ‘new bill’ brandjacking Telstra

MailGuard has discovered a phishing email scam that is targeting inboxes across Australia. First detected on Monday, the 16th of September around mid-day (AEST), the scam purports to be from Telstra and masquerades as a bill notification from the telecommunications giant.

Using a display name of 'Telstra Team', the email actually comes from an email marketing service. The email body is well formatted and authentic in appearance, and can be easily mistaken as a legitimate notification from the company. It contains an account and bill number, along with multiple support links such as a ‘Live Help’ button. The same Telstra account number is used for all recipients of the email.

The email advises the recipient that their latest Telstra bill ‘attached’. However, there is no attachment. Instead, recipients are directed to click on links to either 'Pay Now' or 'Log in to My Account'.

Here is a screenshot of the email:

Telstra bill 2

The links within the email are to a Tumblr redirect, which ultimately sends recipients to a Telstra  branded phishing site, which is a log-in page requesting for their Telstra ID and password, as per the below:

telstra phishing page

After keying in their details and hitting the ‘Next’ button, recipients are taken to another page which is a payment form asking for their details to pay the bill. Here’s a screenshot of the page below:

Telstra payment deets

MailGuard urges email users to think twice before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

Cybercriminals behind this scam use several elements within the email body to convince recipients that it is a legitimate notification from Telstra. These include employing high quality graphical elements such as Telstra’s branding in the emails. A key feature is the inclusion of the sentence ‘If you have any questions or concerns about this email you can get in touch with us at telstra.com/contact."

This disclaimer, along with the included link to the telecommunication company’s online assistance contact page, boosts the credibility of the email as it is a common feature that recipients are used to seeing in legitimate notifications from Telstra.

Telstra, by its large database and established brand credibility, is an ideal company to spoof by cybercriminals as it widens their victim pool.

Telstra’s website offers this advice to their customers on how to recognise and avoid email scams:

  • Never trust emails that ask for personal details
  • Think twice before giving personal details online - instead, contact the sender using their publicly available contact details
  • Visit trusted websites via their URL, rather than clicking a link in the email
  • Only provide financial details on secure websites
  • Use a spam filter to help block unsolicited and hoax emails

MailGuard urges all recipients of this email to delete it immediately without clicking on any links.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates