Warning: Telstra Customers Scammed With Fake Refund Email

Scammers are tricking Telstra customers into handing over their credit card details by claiming they’ve paid their bill twice. Here’s what you need to know.

These days most of us are savvy enough not to fall for promises that look too good to be true, whether it’s a win in the British Lottery or an inheritance from a long-lost uncle in deepest, darkest Peru.

Scammers have moved with the times and their new promises are a lot more boring and realistic, such as a small tax refund, unexpected parcel delivery or billing error in your favour.

A copy of the fake email sent to Telstra customers. (MailGuard)

The latest wave of convincing-looking scam emails, identified by MailGuard, claims you’ve somehow paid your Telstra bill twice so you’re entitled to a refund.

Rather than take a shotgun approach, the scammers have only sent it to Telstra customers – more than 20,000 of them – who probably won’t find it too hard to believe that the telco has managed to cock up their bill.

This isn’t a cryptolocker attack like many fake emails that have probably arrived in your inbox lately – there isn’t an infected malware attachment or dodgy link designed to encrypt all your documents and demand a ransom. Instead the official-looking letter, supposedly signed by Telstra executive Gerd Schenkel, points you to Telstra’s My Account online portal where you can log into your Telstra account and claim your refund.

Of course the link doesn’t send you to Telstra’s real My Account page, just a very convincing-looking forgery as part of a “phishing” attack hoping to trick you into handing over sensitive information. Along with your Telstra login and password you’re asked to provide all your credit card and billing address details along with your date of birth.

Not only can scammers use these details to go on a shopping spree with your credit card, it’s also enough information for them to pretend to be you and start racking up other debts in your name.

The best defence against these attacks is a healthy sense of paranoia. Often they’ll be riddled with grammatical errors, come from a suspicious-looking email address or rely on a suspicious-looking website name. This latest Telstra attack does look very convincing, but if nothing else the fact that it asks for so much information should ring alarm bells.

Always assume that any unexpected email you receive from a service provider is a fake. Never open attachments, click on links in the email or trust the supplied phone number. If in doubt, contact the provider directly to clarify.

If you’ve been caught by this scam the best thing to do is notify Telstra, change your My Account password and notify your bank so it can cancel your credit card.

Have you been caught out by these kinds of scams? How do you spot the fakes?

This article originally appeared in Digital Life, The Sydney Morning Herald’s home for everything technology.


  • I got 3 of those. Was a nice touch stating the email came from a @telstra.com.au email. But the fact they sent it to an email of mine that has never been associated with a Telstra account & that it was in the junk folder, well seemed a bit too obvious it was fake heh.

    • That’s one of the bits that makes it believable. They’re more than happy to immediately take money from you electronically when they want it. But when you’re due a refund, you have to wait for “processing”, then they mail you a cheque.
      So to someone receiving such a mail, it is conceivable that Telstra might actually be looking to issue a refund in a speedier way.

      Yes, you may glance at your calendar, it is indeed 2016 and Telstra still think this is an acceptable practice.
