14 Jan 2013
By Leigh Price

Hoax warning: fake Telstra PDF email bills


We’ve recently become aware of a hoax email notifying customers that their PDF and/or online bill is now available. It may also ask you to send through additional information about your account.

What should you look out for?

  • If there is no name on the letter (that is, it is not addressed to you personally and just says “Dear…” followed by a blank) then it is a fake. Do not open.
  • Check the account number written in the email matches with an account number on a previous Telstra bill. Your account number should always remain the same. If the number looks different then it is a fake. Do not open.
  • If it asks you for any specific account details or personal information it is a fake. Telstra never asks for these details via email. Do not open or disclose any personal or account details.

If you are unsure about an email you receive, go to Telstra.com and log in to My Account and check what you have been emailed against information within My Account – make sure the information matches. Do not use the links provided in the email.
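For a help desk or mail administrator, the checks listed above can be scripted as a first-pass triage. This is an added example, not Telstra's code: the sample message, customer name, account numbers and the `triage` function are constructed for illustration, and the attachment check reflects the .exe and .zip attachments readers report in the comments.

```python
import re
from email import message_from_string

# Constructed sample, not a real hoax email; names, numbers and domains are made up.
SAMPLE = """\
From: Billing <no-reply@billing.example>
Subject: Here is your bill by email
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear ,
Your bill for account 2000 999 999 is now available.
Reply with your password and credit card details to verify your account.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="bill.pdf.exe"

placeholder
--b1--
"""

SENSITIVE = re.compile(r"password|credit card|account verification|verify your account", re.I)
RISKY_EXT = re.compile(r"\.(exe|zip)$", re.I)  # types readers report in the comments

def digits(s):
    return re.sub(r"\D", "", s)

def triage(raw, customer_name, known_account):
    """Return the hoax indicators found in one raw email message."""
    parts = list(message_from_string(raw).walk())
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts
                   if p.get_content_type() == "text/plain" and not p.get_filename())
    hits = []
    # 1. Salutation must name the customer, not "Dear" followed by a blank.
    m = re.search(r"^\s*(?:Dear|Hi)\b[ \t]*([^\n,]*)", body, re.I | re.M)
    if not m or customer_name.lower() not in m.group(1).lower():
        hits.append("salutation")
    # 2. Any account number quoted must match the one on a previous bill.
    quoted = re.findall(r"account\D{0,20}(\d[\d ]{6,}\d)", body, re.I)
    if any(digits(n) != digits(known_account) for n in quoted):
        hits.append("account_number")
    # 3. Requests for passwords, card details or account verification.
    if SENSITIVE.search(body):
        hits.append("asks_for_details")
    # 4. Attachment whose real (final) extension is an executable or an archive.
    if any(RISKY_EXT.search(p.get_filename() or "") for p in parts):
        hits.append("attachment")
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE, "Jane Citizen", "2000 123 456"))
```

An empty result only means none of these four indicators fired; the bill should still be checked against My Account as described above.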

An example of the latest hoax email

Additional information:

There are thousands of hoax emails that circulate around Australia every year and put customers at risk of fraud when they inadvertently respond and provide their personal details.

We urge customers to be very suspicious of emails sent by people unknown to them, containing misspelt words or directing them to a link.

These hoax emails are often malicious and designed to obtain private information such as credit card details and passwords, or potentially expose your computer to a damaging virus. The best advice is to ignore and delete these messages.

Telstra and BigPond will never send an email requesting passwords, account verification, credit card details or other personal details by asking you to click on a link. You should only provide this type of information in response to an expected request or one you have initiated.

We have also established a Misuse of Service page where customers can report hoax emails that appear to be from Telstra or BigPond.

If you suspect you have received a hoax email:

  • Do not reply to it
  • Do not open any attachment or click on any embedded links
  • Delete the email

The other steps you can take to protect yourself include:

  • Beware of unsolicited requests for sensitive information – don’t follow suspicious links from senders or sites you don’t know or trust
  • If in doubt, visit trusted websites by typing the internet address (URL) into the browser address bar rather than clicking on a link embedded in an email. Save frequently used links in your favourites or bookmarks
  • Never respond to requests for personal information in an unexpected email or pop-up window. If in doubt, always contact the institution that claims to be the sender of the email or pop-up window
  • Use a spam filter to help block unsolicited and unwanted email

People can also visit Telstra’s Internet and Cyber-Safety page for other tips to stay safe online – no matter what age, online interests or skill level.

For more information on this latest hoax, please visit our CrowdSupport forum.


37 Comments

  1. Heironymous says:

    This is all very well, but you should by now know what effect opening the attachment had, and it would be sensible to let us know at what risk this put us.

    • Leigh Price (Blog Editor) says:

      Hi there -- the actual effect of the virus is unknown as there are potentially quite a few variants out there. Your anti-virus scanning program will provide more detailed information on what impact the virus has on your system, if you’ve been impacted.

    • Ken says:

      I am an IT administrator and had encountered a similar email where the “attachment” was a virus that encrypted the entire hard drive of the computer using a 1024 bit cypher (allegedly). The virus then demanded $1K plus payment via credit card for a decryption key. There was a finite amount of “tries” to guess the decryption key before the hard drive was wiped.

      I had to wipe the hard drive and all its contents to reinstate the computer.

      It was essentially blackmail.

      Back up your important documents/photos etc regularly!

    • Archie says:

      I have been a Telstra customer 40 years plus and this whole matter really is a no brainer. The information which Telstra has provided in their alert is more than sufficient to not only put people on their guard but also the steps necessary to deal with it. I personally am grateful for the “heads up” they have given me.

  2. Rob Vance says:

    This type of scam email will catch a lot of people. It is getting to the stage where you will not be able to trust any email. Your computer gets all messed up and you lose files, photos etc.
    Maybe we should have a separate old computer for emails alone and be able to just wipe the hard drive when these more sophisticated email scams catch us out.
    Believe me they will only get more sneaky and tricky to deal with.

    • Tess Rush says:

      It is getting harder to tell which are fake and which are real, in my company I get at least 20 a week. I have a list of all the places that I can forward them on so that the real people they are pretending to be can do something about them. One that I got last week was so good, even the link looked real (floating mouse over link). If it wasn’t for the fact that they were talking about a whole family dying on Christmas Day in a bad plane crash (alarm bells going off) (everyone in the world would know about that especially since it was a president of some country).

      My laptop at home has never had e-mails run through it. I only check my Hotmail every now and then -- and I never get anything to open, anyway.

      The scammers are getting smarter -- and that is a scary thought, we have been able to tell that they are a scam, but I’m even having to double check things now and that is damn right scary.

  3. John says:

    Is this enough to warn your customers?

    I suspect that Telstra (Bigpond) have a significant number of non technical users and non TEX readers that may get caught with this scam.

    Surely Telstra has a method to inform all of its internet users of this scam. Even if some users consider such a message as spam these sorts of notices should be sent to every Internet (Bigpond and Telstra) subscriber to inform them of the potential harm.

    • Leigh Price (Blog Editor) says:

      There are thousands of hoax emails that circulate around Australia every year and many purport to be from Telstra on a regular basis. We let our customers know in a number of different ways about this hoax as we do with other scams.

    • Hervey Bay Tech says:

      I have to agree, there are literally thousands of viruses floating around, it’s not up to the ISP to make your computer safe.

      You choose to get online and you choose to use Telstra as your ISP, so you need to be safe online.

  4. Neil Boast says:

    I have received 2 Hoax Telstra Bill emails and the Real Telstra Bill by Email and to be honest the fake ones seem more authentic.
    The ‘real’ Telstra Bill by email was nearly a megabyte in size and the ‘fakes’ were only a hundred Kb or so, what I have noticed in general is that large Emails are suspect as they are usually packed with an exe file disguised as a PDF. I will not be opening ‘any’ large emails from Telstra until they can improve their identification methods!

    • Charles Atkin says:

      Looks like I got caught with this one… before I noticed the .exe on the pdf tag I had started to open it, when I thought about it, tried to abort and not sure what has happened. Am now having trouble accessing work computer from home using Remote Desktop Connection.
      Any hints on fixing???

  5. kezza says:

    I got emails as well. If Telstra want my service to continue they can still send me the bill. I pay enough without having to use ink to print the bar code out. They make millions, I’m just a pensioner, so they can get nicked. If they don’t like it I will go somewhere else. What about older people, they don’t have computers, my mother wouldn’t know how to use one. Leave it alone and send the bill in the mail and use your own ink, thanks.

  6. Andy says:

    I would think Telstra could identify the threat. This is widespread, and received by businesses.

    • Alison says:

      What has upset me about Telstra lately is that if you choose the safer paper method, I notice we now get stung with a $2 charge. This is forcing us to use a very unsafe method that puts our computers at risk should we open the wrong bill.

  7. Sidonie Gnauck says:

    Shouldn’t the question be, how did the scammers get hold of customers personal/private emails held by Telstra?

    • Leigh Price (Blog Editor) says:

      Hi Sidonie -- these email addresses were not obtained from Telstra. Lots of non-Telstra customers also received the email. With these types of scams, it’s likely that victims of the hoax are unwittingly sending the emails to their entire address book.

    • Tess Rush says:

      I am not with Telstra and I have received the hoax e-mail, hahahahahahahahahahahaha -- I was a bit shocked seeing as I have never been with Telstra in my life.

  8. Lyn says:

    I have received two text messages today with two different amounts saying in two days I will be late and to pay my bill in two days. Very weird.

  9. Nick says:

    Can someone tell me what the virus actually was? One of our staff succeeded in downloading this virus. It was not picked up by our virus scanning software yet some of her online accounts have picked up the virus and locked her accounts.

    I would like to research a virus removal specifically for this virus

  10. Tania says:

    Just received the fake email.

    Am not opening it.

    Mine is telstaemailbill no reply with subject: Here is your telstra bill by email -- 200…

  11. Kezzza says:

    Yes, sending out a bill to people who have never asked for it to come by e mail should be required without being charged $2 extra for the paper and mailing costs which they wouldn’t come to even without economies of scale coming into play, reducing the costs. Most of the people who don’t want it sent by email are either elderly and/or in the lower socio economic groups, where because of the costs involved don’t have home access or don’t have constant access so therefore if they are getting a bill for a home phone, they don’t need to be trying to get to a computer with internet access worrying that they won’t get their bill in time to pay it. Do those people who will be affected the most really deserve to be penalised when they are the ones doing it the hardest?

  12. Rebecca says:

    Just a heads up, we received a HOAX paper bill that had we not questioned it we would have paid. The only difference was the account number and biller reference code. Which signaled to me that it was someone that works for Telstra that got all our other information.

    • Gigi [Telstra Staff] says:

      Hi Rebecca,

      Thanks for the heads up :) No stresses if you can’t, but if you get a spare moment over the next few days, would you be able to chat to our online 24x7 Customer Support team via LiveChat (http://tinyurl.com/24x7-service) or via their Facebook page (see the link above)? This particular bill seems highly unusual and it would be good to get one of the customer service guys to look into it properly.

      Thanks!

  13. Troy says:

    I’ve got a direct email from my Telstra only address (that no one else has) re: changing CC details -- luckily I caught it… but Telstra should provide a forwarding address for these so a security team can follow it up? Many other places do, including banks. More importantly, how did they get a Telstra account address that is never used?

  14. Hey there! I could have sworn I’ve been to this site before but after checking through some of the post I realized it’s
    new to me. Anyways, I’m definitely delighted I found it and I’ll be book-marking and checking back frequently!

  15. concernedCustomer says:

    I received a scam telstra email immediately after I registered for email billing. There is no doubt that the two are linked. Does Telstra understand that the scammers have penetrated our private accounts?

    • concernedCustomer says:

      I spoke to a Telstra BigPond call centre rep about my account today, during which I had to give my email address. Virtually right after this, I started receiving a number of junk mails about getting rich quick schemes. There is no doubt that these junk mails are a direct result of this. Can someone in Telstra check that the call centre reps do not pass on information obtained during service support to third parties.

  16. Anna says:

    Hi, just an email about a Tax Credit on my bill. How do I send this to Telstra?

  17. Bernie says:

    This week I received two Telstra accounts and they appear to be exactly the same regarding amount owing, account No etc. except one said Dear Mr and my correct name and the other said Hi and my correct name. The one with ‘Hi’ had the pdf attachment which I did not open. But it was enough to send me looking for information about scams.
    I will be reverting to a hard copy account as it is becoming very difficult to pick the difference.
    Bernie W

  18. Gloria Wallace says:

    I received two Telstra emailed bills this month and one was a scam. The scam email was a perfect replica of the legitimate Telstra bill, except it had a different amount due, had one different digit in the payment link and had an account number that was not mine. It was so authentic looking that I thought that Telstra had made an error and sent me someone else’s bill. I opened the scam one, which was picked up by my “spam” account, initially I thought it was not spam. I called Telstra customer service, without making any payment or using any of the links, to be informed that it would be “looked into” as it was a scam email. I changed back to paper billing.

  19. bruce says:

    I’ve just received a fake Telstra home phone bill.
    The things that made me suspicious were the attachment was a zip file and not a pdf file, the account number was not mine, the due date in the e mail did not match the due date in the bill detail area, there was a $10 credit showing in the bill detail area and there were no odd cents showing in the bill detail area. As I use Yahoo for my e mail the fake bill arrived in my spam folder. Apart from all that the rest of the bill was identical to a real Telstra bill complete with Gerd’s signature at the bottom.

  20. Mark Leonard says:

    I’ve received a phishing spam email from a domain impersonating Telstra. We have blocked the domain on our email gateway. I’ve also provided the details of the spam to Telstra via the Report Abuse process. Can Telstra please provide a list of all the Internet domain names that are impersonating it? Other organisations do this so individuals and companies can proactively block all known source domains. I’ve searched Telstra’s website and have found a list of spam examples but not a list of the source domains.
