More than 22,000 people have received fake Telstra bills via email offering a refund as part of a phishing scam.
As companies moved customers to email billing, charging them extra to receive a paper bill via mail, scammers have moved in to take advantage, hoping to trick people into clicking on links that install malware or handing over passwords.
Telstra’s chief information security officer Mike Burgess said the emails “look very authentic”.
“One version of the fake email advises customers an account has been paid twice and customers can claim a ‘refund’ if they log into My Account via a link in the email,” the telco said in a blog post today.
Here’s how you can identify the fake versions, according to Telstra:
The refund email is identifiable by the absence of a ‘$’ sign before the amount of money that has allegedly been paid twice and is available for ‘refund’. Also, the amount supposedly available for refund is shown in brackets, for example (202.42*2).
The other fake email advises customers their bill is attached. It is identifiable by a grammatical error in the salutation which is incorrectly addressed, ‘Hi, dear customer’.
Telstra says anyone who receives the emails should not click on the links or attachments, and should immediately delete them from their account.
The emails can be reported to Telstra via its Misuse of Service form or to Scamwatch or by calling 1300 795 995.