One of the primary ways scammers steal money from people is by posing as legitimate organisations – and now, they’re targeting Optus customers, again.
Email security service MailGuard has intercepted emails pretending to be from the major telco that claim there is an outstanding Optus bill waiting to be paid.
The email includes an account number, the bill amount, the date it’s due, and apparently informs recipients of new changes to the bill.
“You’ll see there is a new account number and changes to the layout, including how GST is displayed,” the scam email states.
There is a hyperlink that reads ‘View your bill now’ that takes unsuspecting victims to a suspicious website, MailGuard said.
“As you can see from the screenshot above, the emails look legitimate. Cybercriminals have used several techniques to boost the authenticity of the emails, including incorporating the branding and logo of the ‘Optus’ company.”
Concerningly, the emails also include “several data points”, such as the user’s bill amount for the past months.
“This also serves to make the emails more credible as they suggest the senders of the bill have official access to such personal data,” MailGuard said.
The scam emails come after Optus customers complained to the telco earlier this year that they had seen another person’s details after logging into their online account.
How to spot the fake
If you’re not sure whether emails or messages you’ve received from what appears to be a reputable organisation are the real deal, the fakes often have these tell-tale signs:
Generic greetings, such as ‘dear customer’
A sense of urgency or even threat, e.g. “ensure your invoice is paid by the due date to avoid unnecessary fees”
Bad grammar, punctuation, or distorted or low-quality graphics
An instruction to click a link (hover over it to see where it takes you)
Speaking to Yahoo Finance, an Optus spokesperson said emails from Optus are only sent out from a particular email address, which Optus customers should look out for.
“It is important to note Optus sends customer bills using email@example.com, which is protected against domain hijacking using industry best practice,” the spokesperson said.
“If you suspect that you’ve received a fraudulent communication from Optus, please report it to Optus at firstname.lastname@example.org so that we can investigate and, where possible, take action.”