A sophisticated phishing email purporting to be from Telstra has been identified by MailGuard. “It’s just mind-blowingly awesome,” said MailGuard CEO Craig McDonald, “in terms of representing the brand, or misrepresenting it.” The email, which convincingly mimics the branding of the telco, informs the recipient that their bill has been paid twice by mistake. To receive their ‘charge back’ people are ‘requested to visit your account immediately and complete the claim’. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe It is signed by ‘Telstra executive Gerd Schenkel, Executive Director, Digital Sales and Service’. The ‘Log in to My Account’ box directs to a landing page which harvests Telstra account log in and bank details. It is near-identical to the legitimate Telstra ‘My Account’ page. McDonald said there had only been a “small run” of the email but it could be a test ahead of a larger attack. “Cyber criminals are really good marketers,” he said. “Their craft is improving every single email. Like marketing – you write a couple of variations of copy, you send a few; you see what kind of responses you get back. “The criminals are very well organised, they’re well-funded, they make a lot of money from doing this behaviour. They’re crafting as best they can.”The fake Telstra account login pageOne difference between Telstra’s genuine account login page and the fake was a video encouraging customers to switch to an email bill and ditch paper bills. The legitimate Telstra account login pageTelstra has not alerted customers to the scam but did refer CIO Australia to their standard tips on spotting phishing emails and the Australian Competition and Consumer Competition (ACCC) Scamwatch website. A spokesperson said: “These emails look very authentic, often including company logos and slogans, to trick you into opening them and disclosing your personal details, including your name, address and personal banking details. “If a Telstra customer receives a phishing email we advise them not to click on the links or the attachment and delete the email from their account.” McDonald said large corporations should be doing more to educate customers about phishing scams. “That’s all great to say but when you’re flat out busy and you’ve got 500 things going at home or at work, and the emails themselves are so compelling you want to get onto it because you’re so busy,” he said. “They’re pretty good even when you stop and pause. “Anyone’s who has got a major brand that’s built up trust over time; it’s in their interests to educate in a wider sense.” The latest Telstra phishing email follows another wave last month and similar scam emails from Auspost earlier in the year. MailGuard said it first identified the email yesterday and was the only vendor to detect it so far. Related content feature Gen AI success starts with an effective pilot strategy To harness the promise of generative AI, IT leaders must develop processes for identifying use cases, educate employees, and get the tech (safely) into their hands. By Bob Violino Sep 27, 2023 10 mins Generative AI Generative AI Generative AI feature A fluency in business and tech yields success at NATO Manfred Boudreaux-Dehmer speaks with Lee Rennick, host of CIO Leadership Live, Canada, about innovation in technology, leadership across a vast cultural landscape, and what it means to hold the inaugural CIO role at NATO. By CIO staff Sep 27, 2023 6 mins CIO IT Skills Innovation feature The demand for new skills: How can CIOs optimize their team? By Andrea Benito Sep 27, 2023 3 mins opinion The CIO event of the year: What to expect at CIO100 ASEAN Awards By Shirin Robert Sep 26, 2023 3 mins IDG Events IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe