Scammers are tricking Telstra customers into handing over their credit card details by claiming they've paid their bill twice. Here's what you need to know.
These days most of us are savvy enough not to fall for promises that look too good to be true, whether it's a win in the British Lottery or an inheritance from a long-lost uncle in deepest, darkest Peru.
Scammers have moved with the times and their new promises are a lot more boring and realistic, such as a small tax refund, unexpected parcel delivery or billing error in your favour.
The latest wave of convincing-looking scam emails, identified by MailGuard, claim you've somehow paid your Telstra bill twice so you're entitled to a refund.
Rather than take a shotgun approach, the scammers have sent it only to Telstra customers – more than 20,000 of them – who probably won't find it too hard to believe that the telco has managed to cock up their bill.
This isn't a cryptolocker attack like many fake emails that have probably arrived in your inbox lately – there isn't an infected malware attachment or dodgy link designed to encrypt all your documents and demand a ransom. Instead the official-looking letter, supposedly signed by Telstra executive Gerd Schenkel, points you to Telstra's My Account online portal where you can log into your Telstra account and claim your refund.
Of course the link doesn't send you to Telstra's real My Account page, just a very convincing-looking forgery as part of a "phishing" attack hoping to trick you into handing over sensitive information. Along with your Telstra login and password you're asked to provide all your credit card and billing address details along with your date of birth.
Not only can scammers use these details to go on a shopping spree with your credit card, it's also enough information for them to pretend to be you and start racking up other debts in your name.
The best defence against these attacks is a healthy sense of paranoia. Often they'll be riddled with grammatical errors, come from a suspicious-looking email address or rely on a suspicious-looking website name. This latest Telstra attack does look very convincing, but if nothing else the fact that it asks for so much information should ring alarm bells.
Always assume that any unexpected email you receive from a service provider is a fake. Never open attachments, click on links in the email or trust the supplied phone number. If in doubt, contact the provider directly to clarify.
If you've been caught by this scam the best thing to do is notify Telstra, change your My Account password and notify your bank so it can cancel your credit card.
Have you been caught out by these kinds of scams? How do you spot the fakes?