Telstra email phishing scam offering fake refund sent to customers

By @chelean on
A man uses his mobile phone in front of a Telstra Logo in central Sydney August 13, 2009. Reuters/Daniel Munoz

Telstra customers have been hit with an email phishing scam. The email closely impersonates an official Telstra email bill and contains a link to a page that can allow cyber criminals to access customers’ sensitive personal and banking information, such as home address and credit card details.

Mail Guard reports that the email scam is sent from an “@online.telstra.com” domain, which Telstra uses. As the site explains, the domain does not publish an SPF record, which is a type of Domain Name System (DNS) record that identifies which mail servers can send email from or on behalf of the domain.
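To show what a receiving mail server can and cannot decide from an SPF record, here is a simplified evaluator, added as an illustration and not taken from Mail Guard or Telstra. The domains, TXT records and IP addresses are constructed samples, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT data standing in for DNS lookups (not real records).
TXT_RECORDS = {
    "billing.example.com": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "soft.example.net": ["site-verification=abc", "v=spf1 ip4:198.51.100.7 ~all"],
    "nospf.example.org": ["some-other-txt=value"],  # publishes no SPF record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def find_spf(domain):
    """Return every TXT string for the domain that is an SPF record."""
    return [t for t in TXT_RECORDS.get(domain, [])
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]


def check_spf(domain, sender_ip):
    """Evaluate sender_ip against the domain's SPF policy (ip4/ip6/all only)."""
    records = find_spf(domain)
    if not records:
        return "none"        # no policy: SPF cannot flag the spoofed sender
    if len(records) > 1:
        return "permerror"   # more than one SPF record is a publishing error
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"      # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Other mechanisms (a, mx, include, ...) are out of scope here.
    return "neutral"         # nothing matched and the record has no "all"


if __name__ == "__main__":
    for dom, ip in [("billing.example.com", "192.0.2.25"),
                    ("billing.example.com", "203.0.113.9"),
                    ("nospf.example.org", "203.0.113.9")]:
        print(dom, ip, check_spf(dom, ip))
```

The `none` result is the case described above: with no record published, the receiver has no list of authorised servers to compare the sending IP against.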

The email addresses recipients as “Customer” instead of their name, claiming that the customers have overpaid their bill and that the telco is offering them a refund. It directs users to a fake Telstra landing page, which contains the words “telstraservice05.” This domain is not a legitimate Telstra page, but it appears close enough to fool victims.

The page urges them to enter their username, password and banking details so they can receive their refund. Once they enter their personal details, they will be given a receipt number, making everything look official.

According to Telstra, more than 22,000 people have received two different phishing emails. It’s unclear how many of those have clicked the link and been victimised by the phishing scam.

“These emails look very authentic, often including logos and slogans, to trick you into opening them. They often contain a link or an attachment, which is designed to entice you into clicking on it,” Mike Burgess, the telco’s chief information security officer, said.

“If a Telstra customer receives either phishing email, we advise them not to click on the links or attachments, and immediately delete the email from their email account.”

Telstra offers a feedback and complaints address where customers can report scams impersonating the company that they have received through email or phone.

In May, Telstra was accused by some customers of a mobile billing “scam,” which charged customers thousands of dollars after they clicked a third-party website. Although the practice is legal, the process is described as “very, very dodgy.”

Read more about it here: Telstra accused of third party billing ‘scam’ that charges customers hidden costs