MailGuard has detected a new phishing email scam purporting to be from Telstra.
First detected yesterday, the 15th October, the scam purports to be from Telstra and masquerades as a notification from the telecommunications giant. Using a display name of ‘Telstra’ with a domain to match, the email originates from a single forged email address. It is titled ‘$500 Citibank Visa prepaid gift card reward’. The email’s body incorporates the Telstra logo and branding and advises the recipient that they need to claim their gift card reward before ‘18/10/2019’. A ‘claim link’ is provided for recipients to click on to access their gift card.
Unsuspecting recipients who click on the link to claim their award are redirected to a second URL which simulates a Telstra login page. This is actually a phishing page designed to harvest confidential details users. When the user inserts their login credentials, they are then led to a blank page, which is probably meant to simulate a slow connection or unreachable destination.
Beware of a scam email containing a fake Telstra bill that’s doing the rounds. Don’t click on the links in the bill, it will redirect you to a phishing website. https://t.co/4RnCWTFe32
— Scamwatch_gov_au (@Scamwatch_gov) September 19, 2019
Phishing emails come in many colours and guises. While this one appears to originate from telstra, there will be many others from different companies using the same Modus operandi.
Therefore, companies should look to make their users aware of the tactics and techniques used by criminals and how phishing emails are structured. With an effective and consistent security awareness and training programme, users will become better at spotting and reporting attempted phishing emails regardless of the originating company and the call to action.