|megpie71 (megpie71) wrote,|
@ 2018-02-14 10:04:00
|Entry tags:||scam alert: identity theft, scam alert: phishing|
Oh Goody, the Scammers Are Back! - Fake Telstra Billing Confirmation email
Well, it's been a while since a scam hit my in-box, but it seems like one slipped through the spam filter at the ISP. This one purports to be a billing contact email from Telstra. So, let's start pulling it apart for scam-sign, shall we?
We're starting to see scam-sign very early on here: none of these are from the domain of the company whose logo is on the email - the nearest we get is the final one, complete with careful misspellings.
Text of the email:
"Bill Account Confirmation - 0260505997
BILLING CONFIRMATION N°:3310
Our records indicate that your billing information has not been updated since you joined us. If you could update your billing information, you will not run into any future problems with the online service. However, any failure in updating your records may result with an account suspension due to outdated billing information.
Thank you for your prompt attention to this matter, as we are processing the changes you have made .
See you online soon,
Executive Director, Telstra Digital Sales and Service
Telstra 24 X 7
Protecting your privacy is important to us. You can view our Privacy Statement at telstra.com"
There are two links in the article - one under "Click here" and one under "_telstra.com". Both of them point to the same site - https://www.paylessgrocer.com.au/n101/
Again, nothing linking things back to the company who is purportedly sending this.
Following the link given throws you over to a pass-through page, which sends you to this one: https://www.paylessgrocer.com.au/me
This turns out to be a copy of the Telstra login page. Needless to say I didn't bother following through and "updating" my personal details (although I am somewhat tempted to hand over a bunch of details for a fictional character or three).
The initial content of the email was a bit suspect to begin with - red flag number one. But if you are being contacted by a utility company to check their records are up to date, they're almost certainly going to be sending the email from their own servers (red flag number two) and with their own domain name (red flag number three) on the email. They're also going to have links pointing to their own domain (red flag number four) and those links aren't likely to include a leading space in the link text anywhere (red flag number five).
So, this is a scam; it's a phishing scam; and it's designed to ensure you hand over a bunch of your personal details - probably including things like credit card numbers and such, but almost certainly including your name, address, telephone number and so on.
How to protect yourself against these? Well, to start with, utility suppliers tend to be fairly lax when it comes to chasing information. My own experience is they tend to consider things like a change of address, or a change of credit card number, to be something you're going to tell them about as part of the business relationship if you're continuing to purchase their product (and some of them tend to be a bit slow to act on updates anyway - as anyone who's been billed by a utility for power or gas charges at an address they know you no longer occupy can testify to).
Also, if you've given a utility company a physical address, they're far more likely to send you paper mail to confirm things rather than email. But again, they're not going to be chasing this information unless there's a reason to do so: if you've been paying your bills regularly, you probably won't hear anything from them except "here's your next bill, please pay X amount on Y date via these various convenient methods".
If you receive something via email from a utility company saying they need you to log in somewhere to update your details, it's probably a good idea to phone them and confirm this is the case - at worst, you'll have spent a little time being over-cautious. At best, you'll have saved yourself from giving details to phishing scammers and identity thieves.
ETA: Dreamwidth is being hlepy and turning the two URLs for the scam-site into links. Please do not follow the links to the scam site.
This entry was originally posted at https://megpie71.dreamwidth.org/112695.h