Major warning for 10 million Optus customers

Optus customers have been warned about a scam email seeking to steal their personal information. (Source: Getty)

Optus customers need to be wary of a phishing email that may land in their inbox, claiming to offer a refund.

The email, intercepted by MailGuard, targets the 10 million Optus customers around Australia and uses the promise of a refund to entice them into handing over credit card, username and password details.

“With over 10 million Optus subscribers in Australia, it is highly likely that some unsuspecting victims will follow through on the phishing scam without giving it a second thought,” MailGuard said.

The email arrives with the subject ‘Your new refund bill No: [###]’ and shows ‘Optus’ as the sender name, but it is sent from what appears to be a compromised business account.

MailGuard is warning all Optus customers to always check the email address that the email has come from, as scammers try to distract recipients by using the company name as the sender.

Upon opening the email, the victim is met with a ‘Your refund did not go through!’ message, advising them that the latest balance of their account has been paid twice due to a system error.

Clicking on the ‘Refund the amount’ link supposedly refunds the purported amount ‘within 3 business days’.

“Scammers have not gone to much effort to accurately copy Optus branding, however, the inclusion of brand colours, a bill number, and refund message, could easily fool time-poor and innocent victims,” MailGuard said.

Clicking the button on the email will take customers to a phishing page asking victims for their Optus customer login details, username and password.

Entering these details will give the cybercriminals your account information. Then, victims will be taken to an SMS verification page and notified that the ‘invoice has been paid’ before being redirected to the legitimate Optus page.

“Scammers regularly use this technique to confuse victims into believing that it is authentic communication,” MailGuard said.

“This campaign is designed to capture and harvest sensitive user credentials like usernames and passwords, along with credit card details, which may then be used in subsequent criminal activity such as for fraudulent payments or sold on the dark web to other cybercriminal groups.”

How can I tell if an email is a scam?

Optus has provided advice in relation to spotting a phishing scam purporting to be from them.

Not all phishing attempts are obvious, but signs to look out for include:

  • Generic greetings, such as 'Hi Optus customer'

  • Poor grammar, spelling, layout

  • Urgent requests for personal or sensitive information (Optus will never request personal info via email / SMS)

  • Unusual URL links or attachments

  • Message isn't from usual sender
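The sender check MailGuard recommends and some of the signs listed above can be automated in a mail filter. The following is an added example, not code from MailGuard or Optus; the trusted-domain list, the greeting pattern and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains accepted as genuine Optus senders (extend for your mail flow).
TRUSTED_DOMAINS = {"optus.com.au"}
REFUND_SUBJECT = re.compile(r"refund bill no", re.I)  # subject reported in the article
GENERIC_GREETING = re.compile(r"\b(hi|dear|hello)\s+optus customer\b", re.I)

def is_trusted(domain):
    """Exact match or true subdomain; 'optus.com.au.evil.example' must fail."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_signs(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signs = []
    # Brand name in the display name, but the real address belongs to someone else.
    if "optus" in display.lower() and not is_trusted(domain):
        signs.append("display-name-mismatch")
    if REFUND_SUBJECT.search(msg.get("Subject", "")):
        signs.append("refund-subject")
    body = msg.get_payload()
    if isinstance(body, str) and GENERIC_GREETING.search(body):
        signs.append("generic-greeting")
    return signs

# Constructed sample: brand display name on an unrelated business address.
SAMPLE_PHISH = (
    "From: Optus <accounts@smallbusiness.example>\n"
    "Subject: Your new refund bill No: 12345\n"
    "\n"
    "Hi Optus customer,\nYour refund did not go through!\n"
)
# Constructed sample: address on the trusted domain, named greeting.
SAMPLE_GENUINE = (
    "From: Optus <billing@optus.com.au>\n"
    "Subject: Your bill is ready\n"
    "\n"
    "Hi Sam,\nYour latest bill is available in your account.\n"
)

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("genuine", SAMPLE_GENUINE)):
        print(name, phishing_signs(raw))
```

A display-name mismatch alone is a strong signal here, because the campaign relies on recipients reading the sender name and not the address behind it.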
