The very convincing scam targeting Telstra customers
A new scam has emerged targeting the inboxes of Telstra customers.
The email, which purports to be a Telstra bill, is designed to trick people into clicking on malicious links, according to cyber security firm Mail Guard.
It contains two scams. The first one directs users to a fake Telstra login page before asking for login credentials and credit card details.
If the user clicks the “View Bill” link, they will be forwarded to a phishing page, which collects credit card details and personal data.
Mail Guard also notes that while the website appears convincing, part of the URL appears as “csaonline.com”, a US website with no link to Telstra.
A second scam involves malware, with the “View Bill” option redirecting users to a malware website registered in China.
According to Mail Guard, while the display name on this message is “Telstra Email Bill”, the malware link is being sent from the following email addresses:
The firm described the scam emails as a form of “brandjacking”, in which criminals use email templates that make messages look as though they were sent by big companies.
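The mismatch described above (a brand in the display name, an unrelated sending domain and an unrelated link host) can be checked mechanically. The following is an added example, not code from Mail Guard or Telstra; the brand-to-domain allowlist, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains the brand really sends from and links to.
BRAND_DOMAINS = {"telstra": {"telstra.com", "telstra.com.au"}}

def in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkHosts(HTMLParser):
    """Collects the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host)

def brandjack_findings(raw_message):
    """Flag mail that names a brand but is sent from, or links to, other domains."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, sender_domain = addr.rpartition("@")
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in (display + " " + local).lower():
            continue  # message does not claim to be from this brand
        if not in_domains(sender_domain, domains):
            findings.append("sender:" + sender_domain.lower())
        links = LinkHosts()
        links.feed(msg.get_payload())
        findings += ["link:" + h for h in links.hosts if not in_domains(h, domains)]
    return findings

# Constructed sample messages (not taken from the campaign).
PHISH = ('From: "Telstra Email Bill" <bill_noreply@sender.example>\n'
         'Content-Type: text/html\n\n'
         '<a href="https://billing.example.net/telstra/login">View Bill</a>\n')
GENUINE = ('From: "Telstra" <noreply@telstra.com>\n'
           'Content-Type: text/html\n\n'
           '<a href="https://www.telstra.com.au/bill">View Bill</a>\n')

if __name__ == "__main__":
    print(brandjack_findings(PHISH))
    print(brandjack_findings(GENUINE))
```

The suffix match in `in_domains` requires a dot boundary, so a host that merely starts with the brand's domain name is still reported.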
If you think you have been a victim of a cyber scam, consider filing a report with the Australian Cybercrime Online Reporting Network at https://www.acorn.gov.au.
If you provided any details to your financial accounts, contact your bank immediately and monitor your accounts closely.
Also, be sure to change your passwords to new, more secure ones, preferably combining numbers and letters.