Telstra customers are being warned to check their email inboxes for phishing emails, after the telco revealed last week that 22,000 of its account holders recently received fake email bills.
The scam was revealed on Friday, with Telstra saying the fake emails were copies of legitimate bills from the telco, sent with the subject line “Your email bill” but with some key details changed.
One of the emails advised Telstra customers they had accidentally paid one of their accounts twice and they were now entitled to receive a “refund” if they logged in to their account via a link in the body of the email.
The amount allegedly paid twice, and therefore available for a refund, did not have a dollar sign next to it. The dollar amount was also shown inside brackets.
The second type of email is in the format of an alert to let the customer know their bill is ready for payment. The email says the customer’s bill is attached but Telstra said the greeting of the fake email contains a grammatical error. It says: “Hi, dear customer”.
Telstra said the emails were an attempt to get customers to hand over personal details, including their name, address and banking details.
The telco recommends that customers who receive one of the emails delete it without opening it and then report it to Telstra or to the Australian Competition and Consumer Commission.
AVG security advisor Michael McKinnon told SmartCompany that telecommunications and utilities providers are particularly susceptible to scams, as customers are usually mindful to pay their accounts on time for fear of having their service disconnected.
“For the crooks behind the scams, this is one of the leading motivations as they know people pay attention to those types of emails,” McKinnon says.
McKinnon says businesses are also vulnerable to invoice-type scams.
“As organisations get larger and larger, it’s a well-known fact the distance between the people who pay the accounts and those who manage expenditure is quite distant,” he says.
“[Scammers] will send physical invoices and emails just hoping they will get paid.”
McKinnon says that while email scams previously mimicked legitimate emails from companies such as Telstra to a certain extent, there is now “more and more blatant copying and pasting”.
Here are McKinnon’s top three tips to make sure you don’t get stung by an email scam:
1. Compare your account number
McKinnon says in most cases, email scams won’t replicate your account number correctly, so making sure you carefully verify your account number could help you avoid falling for a scam.
2. Check the address that has sent the email
“Make sure your email system is running some kind of anti-spam functionality,” says McKinnon, who points out large businesses such as Telstra will also have security protection on their email server so it is unlikely these sorts of emails have originated within the business.
3. Pick up the phone
If you have concerns about an email you receive, McKinnon says the best thing to do is “change the channel of communication” by picking up the phone and calling the business directly. Don’t call the phone number listed in the email and definitely do not reply to the email.
“Look up the business’s number independently and give them a call,” he says.