Convincing email targeting Telstra customers
TELSTRA customers are being warned of two new email scams using fake bill notifications to trick victims into clicking on malicious links.
The first scam hopes to direct the victim to a realistic looking Telstra login page via an email supposedly sent from the telco but closer inspection should show this is a scam.
"You can see that although the sender name is 'Telstra' the actual sender email address is 'email@example.com'," explained MailGuard.
"This sort of mismatch between the stated sender and the email address is typical of an email scam and should be a red flag to recipients."
If the victim does not pick up on the dubious email address and clicks the "View Bill" link in this message, they are redirected to a phishing page built to mimic the genuine Telstra login portal.
"This phishing page collects the scam victim's credit card details and personal data. Once the criminals behind this scam have the information the victim submits to this page, they will be able to use their credit card in identity theft fraud," explained MailGuard.
Again, closer inspection can show the page is designed to scam customers and save victims before it's too late.
"The first part of the site's URL is 'my-telstra.com.au' which looks legitimate, but that is followed by 'csaoline.com' which is the actual domain," explained MailGuard.
"Csaoline.com is a new domain registered in America on May 12 and has no connection to the real Telstra website."
The second email scam is disguised in a fake Telstra bill notification.
"A recipient who clicks on the "View Bill" button will be directed to a malicious website that will deliver malware to their computer," explained MailGuard.
"The malicious domain used in this malware attack is 'telstrabroadband.com' which has the appearance of a genuine Telstra URL. But actually, this domain is newly registered, having been created on May 13 via a registry in China."
Like the other scam, the email address used should be a red flag for customers.
Already MailGuard has discovered the scam coming from the following email addresses: