megpie71
megpie71
.:.:.:. .:..:. ::: ..:..

February 2018
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28

Back February 14th, 2018 Forward
Oh Goody, the Scammers Are Back! - Fake Telstra Billing Confirmation email

Well, it's been a while since a scam hit my in-box, but it seems like one slipped through the spam filter at the ISP. This one purports to be a billing contact email from Telstra. So, let's start pulling it apart for scam-sign, shall we?

From: BILLING@s16071902.onlinehome-server.info
From: CONFIRMATION@s16071902.onlinehome-server.info
From: comfermation-telestra@localmail-web.com

We're starting to see scam-sign very early on here: none of these are from the domain of the company whose logo is on the email - the nearest we get is the final one, complete with careful misspellings.

Text of the email: Text below the fold )

There are two links in the article - one under "Click here" and one under "_telstra.com". Both of them point to the same site - https://www.paylessgrocer.com.au/n101/

Again, nothing linking things back to the company who is purportedly sending this.

Following the link given throws you over to a pass-through page, which sends you to this one: https://www.paylessgrocer.com.au/media/adlink/-/Aust/Billing-229/sue/a26531d0505c519c3d4277d14d9cc06d/

This turns out to be a copy of the Telstra login page. Needless to say I didn't bother following through and "updating" my personal details (although I am somewhat tempted to hand over a bunch of details for a fictional character or three).

The initial content of the email was a bit suspect to begin with - red flag number one. But if you are being contacted by a utility company to check their records are up to date, they're almost certainly going to be sending the email from their own servers (red flag number two) and with their own domain name (red flag number three) on the email. They're also going to have links pointing to their own domain (red flag number four) and those links aren't likely to include a leading space in the link text anywhere (red flag number five).

So, this is a scam; it's a phishing scam; and it's designed to ensure you hand over a bunch of your personal details - probably including things like credit card numbers and such, but almost certainly including your name, address, telephone number and so on.

How to protect yourself against these? Well, to start with, utility suppliers tend to be fairly lax when it comes to chasing information. My own experience is they tend to consider things like a change of address, or a change of credit card number, to be something you're going to tell them about as part of the business relationship if you're continuing to purchase their product (and some of them tend to be a bit slow to act on updates anyway - as anyone who's been billed by a utility for power or gas charges at an address they know you no longer occupy can testify to).

Also, if you've given a utility company a physical address, they're far more likely to send you paper mail to confirm things rather than email. But again, they're not going to be chasing this information unless there's a reason to do so: if you've been paying your bills regularly, you probably won't hear anything from them except "here's your next bill, please pay X amount on Y date via these various convenient methods".

If you receive something via email from a utility company saying they need you to log in somewhere to update your details, it's probably a good idea to phone them and confirm this is the case - at worst, you'll have spent a little time being over-cautious. At best, you'll have saved yourself from giving details to phishing scammers and identity thieves.

ETA: Dreamwidth is being hlepy and turning the two URLs for the scam-site into links. Please do not follow the links to the scam site.

This entry was originally posted at https://megpie71.dreamwidth.org/112695.html. Please comment there using OpenID.

Current Mood: bitchy bitchy
Back February 14th, 2018 Forward