A new wave of scam emails pretending to be from Telstra was identified on 4 September by local email filtering firm MailGuard.
The attack came in the form of fake Telstra bill emails, with MailGuard starting to pick the emails up from around 7:30 AM.
In an attempt to get recipients to click on a link, the email claimed “Good news – your account is currently in credit, so no payment is required at this time”.
The fake email contains a link labelled “Your new Telstra bill is attached by link”, which initiates the download of a malicious file.
The dodgy email uses a design and logo intended to emulate those of Telstra, to make it look like a real bill.
According to MailGuard, the amount claimed to be in credit is in the hundreds of dollars, although the dollar value is randomised in each email.
The account numbers shown in the emails are also random, and the emails were sent from different email addresses and display names.
Telstra - the real telco - offers a number of suggestions to customers in the event they think they have received a fake email. However, it is important to note that Telstra bills come with a .PDF file attachment and a link to log into an account.
If in doubt, customers should visit sites through trusted URLs instead of clicking links in emails.
Last year, a similar scam used Telstra bills to target unaware users. Within days, two attacks took place with fake emails promising to refund Telstra customers who had supposedly overpaid their bills.
The second wave was not as well executed, claimed MailGuard at the time, containing significantly more formatting and grammatical errors and also coming from a different sender.