This weeks Phishing email was submitted by a valued client, Australain Lawn Concepts, asking us to help them determine if it was a real email from Telstra.

 

If you have received an email that you are not sure about, and want us to help you figure it out, forward the email to blog@aimcom.com.au, and we will assist you as best we can.

 

Section 1: What email did the client receive, and how can we determine it is a Phishing Scam?

 

The email received claimed to be from Bigpond, and states that the billing system was unable to process my last payment.  A sample is shown below:

Telstra Phishing Scam

 

There are two Phishing indicators in this email:

  • The email address showing in the “Sent To:” field of the email, was not an email address that belonged to the receiver
  • When we hover over the telstra.com/paybill link in the email, it actually shows as pointing to  “telstrabillingupdate.altervista.org”  See below:Telstra Phishing Link

 

 

If you receive this email, delete it immediately, and do not follow the link in the email and fill out your personal details.

 

 

Section 2: What happens if you click on a link in the email?

 

DISCLAIMER: Please do not try this yourself.  When I follow suspicious links and open suspicious files, I do so in a sandboxed environment that protects from Malware getting onto my PC.  Doing this directly on your own PC could get you infected with Malware.

 

Upon clicking on the lnk, you are taken to a fake Telstra page which requests your Telstra account number:

Telstra Fake Page 1

 

 

When you click the “Submit” button on this page, you are then taken to the next page, which asks for your full name, credit card details, mother’s maiden name, billing address, home phone number, and date of birth:

Telstra Fake Page 2

 

 

This information collecting is common in Phishing scams.  The attacker is trying to gather as much info about you as possible for the purposes of using your identity to commit fraud, and using your credit card to make purchases.

 

 

Section 3: What should I do if I clicked on the link, and entered my personal details?

 

You should immediately contact your bank and have your credit card cancelled.  Additionally, you should consider setting up an alert service through a credit reporting agency to be alerted when anyone obtains credit in your name.

 

 

Do you have any questions, comments?  Email us on blog@aimcom.com.au

 

Interested in receiving these in your inbox as we write them?  Simply fill in your email address below and click “Sign me up!”