Email is a great way to share information with family, friends and work colleagues. Every day, millions of people around the world send emails. Let’s face it, we can’t live without it.

Unfortunately, our reliance on email has seen a rise in the frequency which cyber criminals send fake emails known as phishing emails.

Phishing emails are designed by cyber criminals who target consumers and large enterprises around the world, including Telstra and its customers.

These emails look very authentic, often including logos and slogans, to trick you into opening them. They often contain a link or an attachment, which is designed to entice you into clicking on it.

This week, more than 22,000 Telstra customers have received two different phishing emails, both titled ‘Your email bill’. Both fake emails are copies of legitimate Telstra billing emails that have been sent to customers.

One version of the fake email advises customers an account has been paid twice and customers can claim a ‘refund’ if they log into My Account via a link in the email.

This fake email is identifiable by the absence of a ‘$’ sign to describe the amount of money that has allegedly been paid twice and is available for ‘refund’.  Also, the amount supposedly available for refund is shown in a bracket. For example, (202.42*2).

The other fake email advises customers their bill is attached. It is identifiable by a grammatical error in the salutation which is incorrectly addressed, ‘Hi, dear customer’.

Sadly, phishing emails are here to stay and while these ones are easier to pick, it is important that we all take the time to read emails, particularly those with attachments or links to click.

These links and attachments could be infected with malicious software known as malware, or in these examples, the links are designed to trick customers into disclosing their personal details like their name, address and banking details.

These details can then be used illegally. As seen with these phishing emails, there is no ‘refund’ nor any Telstra ‘bill’ that needs to be paid.

If a Telstra customer receives either phishing email, we advise them not to click on the links or attachments, and immediately delete the email from their email account.

Customers can report phishing emails to Telstra via its Misuse of Service form or via the Australian Competition and Consumer Commission (ACCC) at or by calling 1300 795 995.

Telstra’s tips to avoid phishing scams:

  • Beware of unsolicited requests for sensitive information- don’t click on embedded links in emails or sites you don’t know or trust.
  • Never respond to a request for personal information in an unexpected email or pop-up
  • If in doubt, always contact the company that claims to be the sender of the email using its official contact details
  • Make sure all your devices are protected with regular updated anti-virus software; and
  • Use a spam filter to help block unsolicited and unwanted email.
  • If a phishing email contains a Telstra account number, check that the number corresponds with the account number on your previous bill.