Telstra customers have been targeted in another phishing scam in which fraudsters falsely claim a payment has failed to process, in a bid to steal their victims’ credit card details.
According to MailGuard, scammers often pose as the telecommunications company because of its large customer base and trusted name.
MailGuard said people should look out for an email with the subject line “Telstra – Learn more about your account”.
The email tries to trick people into thinking a payment has been unsuccessful, explaining that the telco has been “unable to process the payment of the last owing bill”.
The sender shows the display name “Service (No-reply)” with the address “service(at)servwork(dot)net”, which is not a Telstra domain.
The email, which is visually sparse aside from the Telstra logo, instructs recipients to fix the error by updating their credit card details by clicking hyperlinked text that says “Open My Telstra”.
Clicking the link takes victims to a page that looks very similar to Telstra’s real login page, where they are asked to sign in to their online Telstra accounts.
However, the domain name is “hostenko(dot)net”, which MailGuard said is a “tell-tale sign” of a phishing site.
Victims are then asked to enter their credit card details, after which they are instructed to enter a unique one-time code sent to their mobile.
“Although their credit card details would already have been harvested from the last page, our team assumes that this would be used in an attempt to charge their card,” MailGuard explained in a blogpost.
Once the code has been entered, victims see a page telling them their payment has been received. They are then redirected to a real Telstra homepage.
MailGuard offered several suggestions for avoiding phishing attacks. The cybersecurity company said people should avoid clicking on links in emails that:
Are not addressed to you by name
Appear to be from a legitimate company but use poor English or leave out personal details that a real sender would include
Are from a business you were not expecting to hear from
Take you to a landing page or website that does not have the legitimate URL of the company it was supposed to be sent from.
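The last of those checks, and the sender-domain mismatch noted earlier, can be automated. The script below is an added example, not code from MailGuard or from the original article: it parses a message, pulls the address out of the From header and every hyperlink out of the HTML body, and flags any host that is not under a domain the brand actually owns. The allowed-domain list for Telstra and the sample messages are assumptions constructed for the example; the lookalike domains in the sample use reserved `.example` names rather than the ones reported on the page.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains a legitimate Telstra account email would send from and link to.
TELSTRA_DOMAINS = ("telstra.com", "telstra.com.au")

# Constructed sample modelled on the phish described in the article. The sender and
# link hosts are placeholders; the real campaign used different lookalike domains.
PHISH_EMAIL = """From: "Service (No-reply)" <service@servwork.example>
To: customer@example.org
Subject: Telstra - Learn more about your account
Content-Type: text/html

<html><body>
<p>We were unable to process the payment of the last owing bill.</p>
<p><a href="https://hostenko.example/account/login">Open My Telstra</a></p>
</body></html>
"""

# Constructed control sample: a message whose sender and link are both on brand domains.
LEGIT_EMAIL = """From: "Telstra" <noreply@telstra.com>
To: customer@example.org
Subject: Your Telstra bill is ready
Content-Type: text/html

<html><body>
<p>Hi Alex, your bill is ready.</p>
<p><a href="https://www.telstra.com.au/my-account">View bill</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def under_domain(host, domain):
    """True if host is the domain itself or a subdomain of it (exact label match,
    so 'telstra.com.au.evil.example' does not pass)."""
    return host == domain or host.endswith("." + domain)


def on_brand(host, brand_domains):
    return any(under_domain(host, d) for d in brand_domains)


def analyse(raw_message, brand_domains=TELSTRA_DOMAINS):
    """Return a list of findings; an empty list means nothing looked off."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    display_name, address = parseaddr(str(msg["From"]))
    sender_host = address.rpartition("@")[2].lower()
    if not on_brand(sender_host, brand_domains):
        findings.append(
            f"sender shown as {display_name!r} is {address!r}, not under {brand_domains}"
        )

    body = msg.get_body(preferencelist=("html",))
    extractor = LinkExtractor()
    extractor.feed(body.get_content() if body is not None else "")
    for href, text in extractor.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:/tel: links carry no landing page to check
        host = (parts.hostname or "").lower()
        if not on_brand(host, brand_domains):
            findings.append(f"link {text!r} goes to {host!r}, not under {brand_domains}")
    return findings


if __name__ == "__main__":
    for finding in analyse(PHISH_EMAIL):
        print("FLAG:", finding)
    print("legit message findings:", analyse(LEGIT_EMAIL))
```

The check is deliberately strict: a host must be the brand domain or a true subdomain of it, so `telstra.com.au.hostenko.example` would still be flagged. It only looks at where links and the sender address point; it says nothing about the logo, the wording or whether the recipient is addressed by name, which remain manual checks.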