This is not actually a real bill. Picture: MailGuard.

Convincing email targeting Telstra customers

TELSTRA customers are being warned of two new email scams using fake bill notifications to trick victims into clicking on malicious links.

The first scam tries to direct the victim to a realistic-looking Telstra login page via an email supposedly sent from the telco, but closer inspection should show it is a scam.

"You can see that although the sender name is 'Telstra' the actual sender email address is 'f0846513686516.telestrasystems.com@webmail.optusnet.com.au'," explained MailGuard.

"This sort of mismatch between the stated sender and the email address is typical of an email scam and should be a red flag to recipients."

The email address is a giveaway that this is a scam. Picture: MailGuard.

If the victim does not pick up on the dubious email address and clicks the "View Bill" link in this message, they are redirected to a phishing page built to mimic the genuine Telstra login portal.

"This phishing page collects the scam victim's credit card details and personal data. Once the criminals behind this scam have the information the victim submits to this page, they will be able to use their credit card in identity theft fraud," explained MailGuard.

Again, closer inspection can show that the page is designed to scam customers, and can save victims before it's too late.

"The first part of the site's URL is 'my-telstra.com.au' which looks legitimate, but that is followed by 'csaoline.com' which is the actual domain," explained MailGuard.

"Csaoline.com is a new domain registered in America on May 12 and has no connection to the real Telstra website."

It might look real, but this page is actually a fake.

The second email scam is disguised as a Telstra bill notification.

"A recipient who clicks on the 'View Bill' button will be directed to a malicious website that will deliver malware to their computer," explained MailGuard.

"The malicious domain used in this malware attack is 'telstrabroadband.com' which has the appearance of a genuine Telstra URL. But actually, this domain is newly registered, having been created on May 13 via a registry in China."

This email scam is well designed and quite convincing. Picture: MailGuard.

Like the other scam, the email address used should be a red flag for customers.
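The red flags MailGuard describes (a sender name that does not match the sending address, a link whose real domain sits at the end of the hostname, and a newly registered lookalike domain) can be checked mechanically. The following is an added example, not code from MailGuard or Telstra; the list of genuine Telstra domains, the short suffix list and the URL paths are assumptions made for the sketch.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions: brand keyword, genuine domains, tiny Public Suffix List stand-in.
BRAND = "telstra"
OFFICIAL = {"telstra.com", "telstra.com.au"}
TWO_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.uk"}


def registrable_domain(host):
    """Return the part of a hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_sender(from_header):
    """Compare what a From header claims with the domain that sent it."""
    name, addr = parseaddr(from_header)
    local, _, host = addr.rpartition("@")
    domain = registrable_domain(host)
    parts = (("display name", name), ("local part", local))
    return [f"brand in {where}, sent from {domain}"
            for where, text in parts
            if domain not in OFFICIAL and BRAND in text.lower()]


def check_link(url):
    """Flag links that show the brand but sit under another domain."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    domain = registrable_domain(host)
    if domain in OFFICIAL:
        return []
    findings = []
    if BRAND in host[: len(host) - len(domain)]:
        findings.append("brand only in subdomain of " + domain)
    if BRAND in domain:
        findings.append("lookalike registrable domain " + domain)
    return findings


if __name__ == "__main__":
    # Sender is quoted in the article; the URL paths are constructed samples.
    print(check_sender("Telstra <f0846513686516.telestrasystems.com@webmail.optusnet.com.au>"))
    print(check_link("http://my-telstra.com.au.csaoline.com/login"))
    print(check_link("http://telstrabroadband.com/bill"))
```

A sender address on a genuine domain is only as trustworthy as the message's SPF, DKIM and DMARC results, which this sketch does not evaluate.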

Already MailGuard has discovered the scam coming from the following email addresses:

