The “sinister” new phishing scam promises a refund but actually aims to steal Telstra ID login information and credit card details, according to MailGuard.
“By gaining access to your Telstra ID account, the fraudster may be able to take control of your phone number and consequently access your bank accounts, in what’s known as a SIM-swap scam,” MailGuard said.
“Last year, financial losses to this type of scam cost each victim more than $28,700 on average, with the largest loss totalling $463,782.”
The subject line of the email shows ‘Reminder: Refund ID’ with a number of letters and numbers following.
The sender display name shows ‘Service Inc.’ and the from email address displays as “secretary” at the recipient’s domain.
The Telstra-branded email uses a generic greeting and alerts the recipient that their account has been “paid twice due to a system error”.
Clicking the link in the email takes the potential victim to a phishing page that is not associated with Telstra.
“The phishing page is designed similarly to the login page used by Telstra, and heavily uses their branding,” MailGuard said.
“On this page, the user is asked to enter their username and password, which are harvested for later use.”
On the next page, which again is designed to appear as a legitimate Telstra site, the victim is asked to enter their credit card details, including:
Name on card
“Once the victim has submitted their credit card details, which are also then stolen, they’re redirected to a page which prompts them to enter a one-time code that is sent to their mobile number,” MailGuard said.
“If this code is entered, they’re redirected to the genuine Telstra website.
“Given that many Australians are presently suffering financially, the promise of a refund may cause them to overlook red flags that we normally warn of, such as the generic greeting, failure to mention the refund total, the DHL reply-to email address, and the incorrect URL.”
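The red flags MailGuard lists above (a forged sender at the recipient's own domain, a reply-to that does not match the sender, a generic greeting, a refund lure that never states an amount, and links that leave the brand's domains) can be turned into a simple mail-filter check. The following is an added example, not MailGuard's or Telstra's code; the two sample messages are constructed for illustration, the `.invalid` hosts are placeholders standing in for the campaign's real phishing page and the DHL reply-to address, and the list of legitimate Telstra sender domains is an assumption that a real deployment would replace with its own vetted list.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Indicators drawn from the MailGuard description of the campaign
SUBJECT_PATTERN = re.compile(r"^\s*Reminder:\s*Refund ID\b", re.IGNORECASE)
GENERIC_GREETING = re.compile(
    r"^(dear|hello|hi)(\s+(customer|user|valued customer|member))?[,!.]?\s*$",
    re.IGNORECASE,
)
LINK_HOST = re.compile(r"https?://([^/\s\"'>]+)", re.IGNORECASE)
# ASSUMPTION: domains the impersonated brand really sends from. A real
# deployment would load this from the organisation's vetted sender inventory.
BRAND_DOMAINS = {"telstra.com", "telstra.com.au"}


def _domain(header_value: str) -> str:
    """Lower-cased domain part of an address header, or '' if there is none."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _body_text(msg: Message) -> str:
    """Concatenate all text/plain parts (works for single-part and multipart mail)."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True).decode("utf-8", "replace")
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return "\n".join(parts)
    return msg.get_payload()


def _is_brand_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def score_message(raw: str) -> dict:
    """Score one raw RFC 822 message against the campaign's indicators.

    Returns the indicator names that fired and their count; the more that fire
    together, the more the message resembles the refund lure described above.
    """
    msg = message_from_string(raw)
    from_domain = _domain(msg.get("From", ""))
    to_domain = _domain(msg.get("To", ""))
    reply_domain = _domain(msg.get("Reply-To", ""))
    body = _body_text(msg)
    body_lower = body.lower()
    flags = []

    # Subject 'Reminder: Refund ID <letters and numbers>'
    if SUBJECT_PATTERN.search(msg.get("Subject", "")):
        flags.append("refund_id_subject")
    # From address forged at the recipient's own domain ('secretary@<recipient domain>')
    if from_domain and from_domain == to_domain:
        flags.append("from_at_recipient_domain")
    # Reply-To pointing somewhere other than the claimed sender
    if reply_domain and reply_domain != from_domain:
        flags.append("reply_to_mismatch")
    # Generic greeting instead of the customer's name
    first_line = next((ln.strip() for ln in body.splitlines() if ln.strip()), "")
    if GENERIC_GREETING.match(first_line):
        flags.append("generic_greeting")
    # 'Paid twice' refund lure that never states the refund total
    if "paid twice" in body_lower and not re.search(r"\$\s?\d", body):
        flags.append("double_payment_lure_no_amount")
    # Brand named in the body while links lead outside the brand's domains
    hosts = {h.lower() for h in LINK_HOST.findall(body)}
    if "telstra" in body_lower and any(not _is_brand_host(h) for h in hosts):
        flags.append("brand_link_mismatch")
    return {"flags": flags, "score": len(flags)}


# Constructed sample shaped like the campaign; addresses and hosts are placeholders.
PHISHING_SAMPLE = """\
From: "Service Inc." <secretary@example.com.au>
To: jane.doe@example.com.au
Reply-To: refunds@dhl-lookalike.invalid
Subject: Reminder: Refund ID 7X4Q19
Content-Type: text/plain

Dear Customer,

Your Telstra account was paid twice due to a system error.
Claim your refund here: https://telstra-refund.invalid/login
"""

# Constructed benign sample for comparison (sender domain is the assumed brand domain).
LEGITIMATE_SAMPLE = """\
From: "Telstra Billing" <billing@telstra.com>
To: jane.doe@example.com.au
Subject: Your Telstra bill is ready
Content-Type: text/plain

Hi Jane,

Your bill of $89.00 is available at https://www.telstra.com.au/myaccount
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(label, score_message(sample))
```

Each indicator on its own is weak (plenty of genuine mail uses "Dear Customer"), which is why the function returns the full set of flags rather than a single verdict: a gateway rule would quarantine on a combination such as the forged recipient-domain sender plus the refund subject, and merely tag mail that trips one flag.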