Scam invoices are trying to trick Optus customers
Don’t be too quick to click that link in a suspicious-looking Optus bill.
If you’re an Optus customer and your inbox has suddenly received an invoice out of the blue, with clickable options to pay the bill immediately, don't click! Use a little caution.
As Mailguard points out, it’s part of a mass wave of fake Optus invoices that direct you to a fake site made to look like Optus’ payment gateway.
According to Mailguard, it’s instead a site based in Russia with the URL payoptusbill dot com (we’re not even going to type it so you can’t accidentally end up there), registered less than 24 hours ago, that deploys a rather nasty trojan onto your computer if you click through to the link. If enabled, the trojan will try to nab your personal identity information.
Subject lines, addresses and invoice amounts are randomised, so you can’t simply look out for a specific amount or other giveaway that it’s a fake invoice.
But I’m an Optus customer! How can I tell the fakes from the real thing?
The existence of fake invoices isn’t an inbuilt excuse not to pay your very real invoices. You can check for the URL as in this case, but that can be obfuscated too.
The best single way to ensure that your account is accurate and up-to-date if you do receive an email invoice is to note the amount, then open a fresh browser window and head to Optus’ web site. Follow the links on that site to your account portal, sign in and check your invoice details from there. If they match it’s all good, and you can pay your bill as normal.
If the invoice doesn’t appear in your account or doesn’t match, it’s dodgy, and you should delete it without clicking on any of the links in it.