Another day, another phishing scam. Today's winner: Telstra

Received this phish today claiming to be from Telstra.

Office 365 picked it up and junked it, as well as blocking the HTML. It looks genuine because it appears to come from a Telstra domain (the sender address is spoofed), but that is definitely not the case. First up, viewing the raw data, it looks like this:

Notice above that it uses a URL shortening service called shortingking, one I hadn't heard of before. Shorteners are a common technique used by attackers to hide the real address, since the link in the email tells you nothing about where you will actually end up. Other common shortening services include tinyurl and bit.ly.

Not a whole lot of effort here in regards to the email: they didn't include the graphics common in legitimate Telstra emails and in other Telstra phishes, and they didn't set up a similar-sounding look-alike domain either. Telstra-themed emails are really common at the moment; here is another one I received only two weeks ago:

A lot of common phish indicators in this one too. If we compare the first email to a legitimate Telstra email bill:

We can see they have copied the bottom section of a typical Telstra email but left the top section custom.

Also note the legitimate email from Telstra has the bill as an attachment. These Telstra phishing emails are all too common lately, so if you receive one, look for these signs to confirm whether it is legitimate or not.

  • A real Telstra email will come from an @telstra.com.au address. Keep in mind that the displayed From address can be spoofed, as this sample shows, so on its own it proves nothing; the Authentication-Results header (SPF, DKIM and DMARC results) is a better indicator than the sender name.

  • It will not be junked by default. If your mail filter (Office 365 in this case) has already put it in Junk, treat that as a warning sign in itself.

  • Will contain Telstra's graphics and branding, not plain text with a copied footer

  • Will contain information such as your account and/or bill number

  • Will contain a bill as an attachment

  • Will only contain links to a Telstra address such as https://www.telstra.com.au/my-account/, never to a URL shortener or any other domain. Hover over each link to see the real destination before clicking.
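
The indicators above (and the shortener trick called out earlier) can be checked mechanically against a raw .eml file. The script below is an added example written for this post, not code from the original article: it parses a message, checks the From domain against the SPF/DKIM/DMARC verdicts in Authentication-Results, flags links to known shorteners or to anything outside telstra.com.au, and looks for a PDF bill. The two sample messages are constructed for illustration, and the shortener host list (including the placeholder host for shortingking, whose real domain the post does not give) is an assumption.

```python
"""Triage a raw email against the Telstra phishing indicators listed above.

Added example, not from the original post. Sample messages are constructed;
SHORTENER_HOSTS and the telstra.com.au allow-list are assumptions.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "telstra.com.au"
# tinyurl and bit.ly are named in the post; "shortingking.example" is a
# placeholder because the post does not give that service's real host.
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly", "shortingking.example"}
HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample resembling the phish in the post: spoofed From domain,
# failed authentication, a shortened link and no bill attached.
SAMPLE_EML = b"""\
From: Telstra <billing@telstra.com.au>
To: victim@example.com
Subject: Your Telstra bill is ready
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=telstra.com.au;
 dkim=none; dmarc=fail header.from=telstra.com.au
Content-Type: text/html; charset="utf-8"

<html><body><p>Your bill is overdue. <a href="https://shortingking.example/abc1">View bill</a></p></body></html>
"""


def build_legit_sample():
    """Constructed counter-example: authenticated, on-domain link, PDF bill attached."""
    m = EmailMessage()
    m["From"] = "Telstra <bills@telstra.com.au>"
    m["To"] = "customer@example.com"
    m["Subject"] = "Your Telstra bill"
    m["Authentication-Results"] = "mx.example.com; spf=pass; dkim=pass; dmarc=pass"
    m.set_content("Your bill is attached.")
    m.add_alternative('<p><a href="https://www.telstra.com.au/my-account/">Log in</a></p>',
                      subtype="html")
    m.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                     subtype="pdf", filename="bill.pdf")
    return m.as_bytes()


def parse(raw):
    return email.message_from_bytes(raw, policy=policy.default)


def sender_domain(msg):
    """Domain of the (possibly spoofed) From address, lower-cased."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_results(msg):
    """SPF/DKIM/DMARC verdicts from Authentication-Results; 'none' if absent."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {m: (re.search(rf"\b{m}=(\w+)", header) or [None, "none"])[1].lower()
            for m in ("spf", "dkim", "dmarc")}


def extract_links(msg):
    """All href targets from the HTML (or plain) body."""
    body = msg.get_body(preferencelist=("html", "plain"))
    return HREF_RE.findall(body.get_content()) if body else []


def has_bill_attachment(msg):
    return any(part.get_content_disposition() == "attachment"
               and part.get_filename("").lower().endswith(".pdf")
               for part in msg.walk())


def triage(raw):
    """Return a list of findings; an empty list means no indicator fired."""
    msg = parse(raw)
    findings = []
    domain, auth = sender_domain(msg), auth_results(msg)
    if domain != LEGIT_DOMAIN:
        findings.append(f"sender domain is {domain!r}, not {LEGIT_DOMAIN}")
    elif any(v != "pass" for v in auth.values()):
        # A matching From domain proves nothing on its own: this one was spoofed.
        findings.append(f"From claims {LEGIT_DOMAIN} but authentication failed: {auth}")
    for link in extract_links(msg):
        host = (urlparse(link).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            findings.append(f"link uses URL shortener {host}: {link}")
        elif not (host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)):
            findings.append(f"link points off-domain: {link}")
    if not has_bill_attachment(msg):
        findings.append("no PDF bill attached")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_EML, build_legit_sample()):
        print(triage(sample) or ["no indicators fired"])
```

Run it against a saved .eml (`triage(open("suspect.eml", "rb").read())`) to get a findings list; the constructed phish sample yields three findings (failed authentication behind a matching From domain, a shortener link, no PDF), while the constructed legitimate sample yields none. The regex-based header and href parsing is deliberately simple; it is a triage aid, not a substitute for reading the message.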

If in doubt, don't click anything in the email: log into your Telstra My Account portal directly and access your bill from there. Till next time.


© 2020 Dan Weis

danweis.me