Telstra customers targeted in email scam
A fake email purporting to be from Telstra is trying to scam customers out of personal and credit card details.
As one of the nation’s biggest companies, Telstra is often the target of scammers looking to hit a large number of potential customers, whether it’s by phoning you up to try to scare you that your Internet or mobile service is about to be disconnected, or simply to try to get your personal details from you for identity theft purposes. Often, though, they’re not terribly subtle, especially if you’re not actually a Telstra customer in the first place.
Mailguard has identified a scam that’s currently specifically targeting Telstra customers, and is deceptive enough that you might just be tempted to click on it. It arrives in the form of an email promising a refund due to the customer being billed twice. A promising looking log in button is included in the email, which takes you to a site that looks essentially identical to Telstra’s actual login portal.
The problem, if you haven’t worked it out already, is that it’s a fake designed to hoover up not only your Telstra credentials but also your credit card details. If you’ve received an email like this recently, your best bet is to delete it and ignore it. If you’ve responded to such an email, it would be very wise indeed to contact your financial services provider and Telstra to lock down your accounts and cards as soon as possible.
How can I spot scam emails?
This particular scam is relatively clever, in that it mimics Telstra’s general language and iconography pretty closely. There are elements of the email that more tech-savvy types can pick up on, but there are also a few simple errors that you should use when assessing any email of this type. For a start, it’s generically addressed to "customer", rather than an individual’s name.
If Telstra (or any other organisation) did have reason to contact you, they’ve always got your details. There are a few other grammatical errors in the email, and this again is often a sign of a scam email. If you did click on the login button, it takes you to a domain that starts as "Testra", rather than "Telstra". For many of these types of scams, hovering your mouse (if you’re on a desktop) over the link will show you the full URL, and if it’s not legit, there’s no way you should click.
Ultimately, it’s worth viewing any email you get from your provider with a certain amount of caution and paranoia. If it is legitimate, you can always log in to its online service portal from a fresh browser window with your own URL link and see if the same message or alert is repeated. If it’s not, it’s safe to assume it’s just another piece of junk email, trying to phish for your personal details.