.:.:.:. .:..:. ::: ..:..

August 2019
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

  Viewing 0 - 2  
Oh Goody, the Scammers Are Back! - Fake Telstra Billing Confirmation email

Well, it's been a while since a scam hit my in-box, but it seems like one slipped through the spam filter at the ISP. This one purports to be a billing contact email from Telstra. So, let's start pulling it apart for scam-sign, shall we?


We're starting to see scam-sign very early on here: none of these are from the domain of the company whose logo is on the email - the nearest we get is the final one, complete with careful misspellings.

Text of the email: Text below the fold )

There are two links in the article - one under "Click here" and one under "". Both of them point to the same site -

Again, nothing linking things back to the company who is purportedly sending this.

Following the link given throws you over to a pass-through page, which sends you to this one:

This turns out to be a copy of the Telstra login page. Needless to say I didn't bother following through and "updating" my personal details (although I am somewhat tempted to hand over a bunch of details for a fictional character or three).

The initial content of the email was a bit suspect to begin with - red flag number one. But if you are being contacted by a utility company to check their records are up to date, they're almost certainly going to be sending the email from their own servers (red flag number two) and with their own domain name (red flag number three) on the email. They're also going to have links pointing to their own domain (red flag number four) and those links aren't likely to include a leading space in the link text anywhere (red flag number five).

So, this is a scam; it's a phishing scam; and it's designed to ensure you hand over a bunch of your personal details - probably including things like credit card numbers and such, but almost certainly including your name, address, telephone number and so on.

How to protect yourself against these? Well, to start with, utility suppliers tend to be fairly lax when it comes to chasing information. My own experience is they tend to consider things like a change of address, or a change of credit card number, to be something you're going to tell them about as part of the business relationship if you're continuing to purchase their product (and some of them tend to be a bit slow to act on updates anyway - as anyone who's been billed by a utility for power or gas charges at an address they know you no longer occupy can testify to).

Also, if you've given a utility company a physical address, they're far more likely to send you paper mail to confirm things rather than email. But again, they're not going to be chasing this information unless there's a reason to do so: if you've been paying your bills regularly, you probably won't hear anything from them except "here's your next bill, please pay X amount on Y date via these various convenient methods".

If you receive something via email from a utility company saying they need you to log in somewhere to update your details, it's probably a good idea to phone them and confirm this is the case - at worst, you'll have spent a little time being over-cautious. At best, you'll have saved yourself from giving details to phishing scammers and identity thieves.

ETA: Dreamwidth is being hlepy and turning the two URLs for the scam-site into links. Please do not follow the links to the scam site.

This entry was originally posted at Please comment there using OpenID.

Current Mood: bitchy bitchy
Urgent Scam Warning: Subsidy Benefit UD4G, Australian DHS

I'm putting this one out there because they're using the DHS crest on the email, and they're asking for a LOT of identifying information. It's a scam. It's an identity theft scam. There is NO "subsidy benefit" being offered.

So email details:

From: Australian Government Department of Human Services <>
To: Me
Subject: [Bulk] Your 2016 Subsidy benefit - Code UD4G.
Reply To:

Email text below the fold )

What are the scam flags flying in this one?

Well, to start with, the Australian Department of Human Services doesn't actually directly supply ANY benefits, subsidies, pensions or other such payments. The DHS is essentially a wrapper department around a collection of government agencies which supply services to clients - Centrelink, Medicare, the Child Support Agency, CRS, and so on. If you get money administered through these agencies, it comes out of the budget of the DHS, but you will never actually deal with the DHS directly - it's always through a subsidiary agency.

Secondly, if you're being sent a genuine email from the DHS, it's more likely to come through your My.Gov account than direct to your email box. This is because My.Gov is a DHS service supplying secure email and gateway services to their subsidiary agencies. They want people to use My.Gov, so they're going to push that. If this was genuine, what I would have received would have been a little note in my INBOX (not my "Junk" folder) telling me that I had a message in my My.Gov inbox.

Thirdly, no matter how tight the Australian government gets with the funds, no Australian government department is going to be wanting replies to be sent to a throw-away freemail account in Germany.

Fourthly: note the items being asked for in the email. You're being asked for identifying information - your name, your address, your tax file number, your tax details (and by asking for superannuation or dividend statements they're asking for details about your investments, too), and also your bank account details. This is an attempt at identity theft, straight up.

There is no 2016 Subsidy Benefit, there is only a scammer wanting to impersonate you. If you give them your details, the people you'll be notified by shortly will be your bank, your investments and the ATO (and they'll all be telling you you're suddenly a lot poorer than you used to be).

This entry was originally posted at Please comment there using OpenID.

Current Mood: annoyed annoyed
  Viewing 0 - 2