More than 22,000 people have received fake Telstra bills via email offering a refund as part of a phishing scam.
As companies moved customers to email billing, charging them extra to receive a paper bill via mail, scammers have moved in to take advantage, hoping to trick people into clicking on links that install malware or into handing over passwords.
The fake messages – headed "Refund Bill Number: [a several-digit number follows]" – ask the recipient to click on a link to make a claim for a refund of the overpayment. They claim that the second payment will then be refunded to the recipient's bank account.
The message claims to be sent in the name of Gerd Schenkel, Executive Director, Telstra Digital Sales and Service.
Telstra advises customers who receive a phishing email or text message not to click on any links or attachments and to delete the message immediately.
Phishing is an attempt to scam or deceive you into disclosing personal and financial information in an email or online. A hoax email may look like it was sent from a reputable organisation, and may ask you to disclose personal information via return email or by clicking a link. These emails often look genuine, copying a company's branding and email layout, and using an address that's very similar to the real company's URL.
Telstra’s chief information security officer Mike Burgess said the emails “look very authentic”.
“One version of the fake email advises customers an account has been paid twice and customers can claim a ‘refund’ if they log into My Account via a link in the email,” the telco said in a blog post today.
Be wary of any unsolicited email or SMS messages, particularly those that ask you to click on a link. Never click on a link in any unsolicited email or SMS message. If you have any doubts about a message, check directly with the sender using contact details obtained from legitimate sources such as official websites.
If you do accidentally click on the link, you may expose your computer or phone, and personal information, to criminals who aim to use it for malicious purposes. For example, they may harvest your online banking credentials and attempt to withdraw money from your account, or undertake identity theft-related activities such as taking out a bank loan in your name.
Keep your antivirus and any other security software up-to-date. Every business, big or small, needs to have multiple layers of protection in order to effectively safeguard itself from these threats.
If you are concerned about your business security, contact Qbit. We can run a Free Health Check on your systems and pinpoint any issues or vulnerabilities.
Original article: Stay Smart Online.