Telstra brand spoofed in $500 gift card phishing scam

Telstra’s brand is being employed by scammers in order to launch an email phishing campaign aimed at harvesting confidential details from victims.

Spotted on 15 October by email filtering provider MailGuard, the phishing scam purports to be from Telstra and appears to be a notification from the telco. 

“Using a display name of 'Telstra' with a domain to match, the email actually originates from a single forged email address,” MailGuard said in a blog post. “It is titled ‘$500 Citibank Visa prepaid gift card reward’. 

“The email’s body incorporates the Telstra logo and branding and advises the recipient that they need to claim their gift card reward before ‘18/10/2019’. A ‘claim link’ is provided for recipients to click on to access their gift card,” the company said. 

According to MailGuard, recipients who click on the link to claim their award are redirected to a second URL which simulates a Telstra login page. This is a phishing page designed to obtain confidential data about users. 

“When the user inserts their login credentials, they are then led to a blank page, which is probably meant to simulate a slow connection or unreachable destination,” MailGuard said.

One of the key features of this scam to look out for, MailGuard said, is the inclusion of detailed delivery instructions in the email, informing users that they will need to verify their identity when they are claiming their reward and that ‘a signature is required for collection’.

MailGuard has also revealed that it intercepted on 14 October a phishing invoice email scam designed to trick victims into revealing their confidential data. 

Titled ‘Invoice INV# - Payment’, the email appears to have been sent by a single compromised email address, and has no body. Indeed, it only contains an attachment that is supposedly an invoice receipt, according to MailGuard. 

Potential victims who decide to open the attachment are taken to what appears to be an invoice receipt containing details of multiple payments. Recipients are directed to clickon a link to download the actual invoice.

However, those who click on the link to download the invoice are in fact redirected to a phishing page using fake Microsoft Office 365 branding, which is designed to harvest users’ login credentials.

A few red flags to watch out for, according to MailGuard, include the poor design of the email itself and the fact that the email has no message in its body.

The use of fake Office 365 login page seems to be particularly popular among scammers, with MailGuard just a week earlier picking up another new phishing email scam that uses an ‘audio file’ to deliver a phishing attack by directing victims to a fake Microsoft Office 365-branded login page.