BigPond is one of the largest Internet and email providers in Australia

Aug 14, 2014 16:43 GMT

A phishing campaign currently affecting Australian users attempts to lure them to a malicious website by informing them that their BigPond account is about to be cancelled unless they reactivate it by logging in.

The reason offered for the decision to cancel the email inbox is that the service is upgrading the database and needs “to create more space for new accounts.”

BigPond is one of the largest Internet providers in Australia, also offering webmail services to its clients. As such, the potential reach of this spam campaign is quite wide.

“This message is from webmail.bigpond.com admin messaging center to all account owners. We are currently upgrading our database and email account center so we are cancelling unused and used BIGPOND.COM account to create more space for new accounts,” reads the fake message.

Under this text, cybercriminals provide a link that claims to lead to the legitimate BigPond login page. The fake website resembles the original, but all the information entered in the username and password fields is sent automatically to the crooks.

As reported by Hoax-Slayer, who caught an email sample, “clicking on the upgrade link will take you to a scam website that asks you to provide your account username, email address, and password. After you enter the requested information and click the 'Send Message' button, you will be taken to a second fake page that claims that the update has been successful and your account is again activated.”

With the credentials in their hands, the crooks have unrestricted access to the email account. Their main goal is to make money, by using the compromised address to send spam or to collect credentials from individuals known to the victim.

Collecting personal information from the emails in the account can help them build a strategy for stealing credentials for financial institutions that would allow them to empty the victim’s bank account.

Users should delete such messages the moment they hit their inbox; companies would never ask users to log into a web account in order to signal that they do not want to be booted from the service.

Moreover, companies would not remove customers from their database themselves, and even if they did, it would never be on account of freeing up space.

One way to protect against most of these scams is to check the source of the message and look for the email address of the sender. If it is not related to the provider of the service, then the message is a scam.

In this particular case, the login page accessed through the link in the message should offer a secure HTTPS connection.
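The two checks above (sender address and HTTPS on the linked page) can be automated in a mail filter. The following is an added example, not taken from the article or from Hoax-Slayer; the provider domain list, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the only domain the provider sends from and hosts logins on.
PROVIDER_DOMAINS = {"bigpond.com"}

def on_provider_domain(host):
    """True if host is a provider domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    # Match on a dot boundary so "bigpond.com.example.org" does not pass.
    return any(host == d or host.endswith("." + d) for d in PROVIDER_DOMAINS)

def check_message(raw):
    """Return a list of reasons to distrust the message (empty if none found)."""
    msg = message_from_string(raw)
    findings = []
    # Use the address itself, not the display name, which anyone can set.
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not on_provider_domain(sender_host):
        findings.append(f"sender domain is not the provider's: {sender_host or '(none)'}")
    # Collect text from every non-multipart part, undoing base64/quoted-printable.
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if not p.is_multipart()
    )
    for url in re.findall(r"https?://[^\s\"'<>]+", body, re.IGNORECASE):
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            findings.append(f"link is not HTTPS: {url}")
        if not on_provider_domain(parts.hostname):
            findings.append(f"link host is not the provider's: {parts.hostname}")
    return findings

# Constructed sample modelled on the message quoted in the article.
SAMPLE = """\
From: "BigPond Admin" <notice@mail.example.net>
To: user@bigpond.com
Subject: Account upgrade

We are currently upgrading our database and email account center.
Reactivate here: http://webmail.bigpond.com.example.org/upgrade
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

An empty result is not proof of legitimacy, since the From header can be forged; any finding is reason enough to delete the message.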