The data breach that affected Telstra's Bigpond customers is still being leveraged

Mar 26, 2012 07:14 GMT

After the Australian telecommunication company Telstra suffered a data breach in December 2011, cybercrooks launched phishing campaigns that targeted the account credentials of the firm's Bigpond customers.

Right after the incident took place, phishers started sending ADSL service cancellation notices, and now they return with another scam email that appears to rely on the same data breach.

Spyware Sucks reports that the latest emails that land in inboxes look something like this:

Dear Bigpond E-mail User,

We have temporarily limited all access to sensitive account features in our E-mail accounts. In order to restore your account access, you need to reply to this email with your username and password.

Due to much junk/spam emails you receive daily, we are currently upgrading all email accounts spam filter to limit unsolicited emails for security reasons and to upgrade our newly improved E-mail account features to ensure you do not experience service interruption.

You must reply to this email immediately with your user name and password to enable us upgrade your E-mail account properly.

A confirmation link will be send to you for the Re-Activation of your e-mail Account, as soon as we receive your response and you are to Click on the “Confirm E-Mail” link on your mail Account box and then enter this confirmation number: 1234-6778-4325-2342-6635

Thank you for understanding.

The analysis of the email revealed that it is being sent from a compromised Bigpond email account, which makes the whole thing look more legitimate.

The source IP address of the false notification is from India, but users who fall for the trap set by the crooks and send their account credentials are actually sending them to a China-based email address that is also used in an ICC Cricket Promotion lottery scam.

We would like to take this opportunity to remind everyone that one of the first and most obvious clues that gives away such a scam is the large number of typos and grammar errors in the text of the notification.

The fact that some “keywords” are written with a capital letter is also a sign that it was designed by a cybercriminal. It’s not uncommon for companies to emphasize certain words when sending notifications, but as you can see in this particular message, the word “email”, for example, is written in three different forms without any apparent logic.
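The two clues described above, the request to send credentials in a reply and the inconsistent spelling of the word "email", can be checked mechanically. The script below is an added example written for this page, not a tool from Spyware Sucks or Telstra; it embeds the scam text quoted in the article as its input, plus a constructed benign notice for comparison, and reports which indicators fire on each. The indicator names and the urgency word list are this example's own choices.

```python
import re
from typing import List

# Sample input: the scam notice quoted in the article, embedded here so the
# script runs offline without a mailbox.
SCAM_NOTICE = """Dear Bigpond E-mail User,

We have temporarily limited all access to sensitive account features in our E-mail accounts. In order to restore your account access, you need to reply to this email with your username and password.

Due to much junk/spam emails you receive daily, we are currently upgrading all email accounts spam filter to limit unsolicited emails for security reasons and to upgrade our newly improved E-mail account features to ensure you do not experience service interruption.

You must reply to this email immediately with your user name and password to enable us upgrade your E-mail account properly.

A confirmation link will be send to you for the Re-Activation of your e-mail Account, as soon as we receive your response and you are to Click on the "Confirm E-Mail" link on your mail Account box and then enter this confirmation number: 1234-6778-4325-2342-6635

Thank you for understanding.
"""

# Constructed benign notice (hypothetical, not from the article) for contrast.
BENIGN_NOTICE = """Dear customer,

Scheduled maintenance will affect webmail on 30 March between 02:00 and 04:00.
No action is required on your part. We will never ask you to send your password by email.
"""

# A legitimate provider never asks for a password in a reply to its own notice.
CREDENTIAL_REPLY = re.compile(
    r"reply to this e-?mail\b.{0,80}?\b(?:user ?name|password)", re.I | re.S)

# Phrases that push the reader to act before thinking (example's own list).
URGENCY = re.compile(
    r"\b(immediately|temporarily limited|service interruption)\b", re.I)

# Every surface form of the product word, case-sensitive, hyphenated or not,
# so "E-mail", "email", "e-mail" and "E-Mail" are all captured as written.
EMAIL_FORMS = re.compile(r"\b[eE]-?[mM]ail")


def email_spelling_variants(text: str) -> List[str]:
    """Distinct spellings of 'email' in the text, in order of first appearance."""
    seen: List[str] = []
    for match in EMAIL_FORMS.finditer(text):
        form = match.group(0)
        if form not in seen:
            seen.append(form)
    return seen


def phishing_signals(text: str) -> List[str]:
    """Return the names of the indicators that fire on a message body."""
    signals: List[str] = []
    if CREDENTIAL_REPLY.search(text):
        signals.append("asks for credentials in a reply")
    if URGENCY.search(text):
        signals.append("urgency language")
    variants = email_spelling_variants(text)
    # Three or more spellings of the same key word in one notice is the
    # inconsistency the article points out.
    if len(variants) >= 3:
        signals.append("inconsistent spelling of 'email': " + ", ".join(variants))
    return signals


if __name__ == "__main__":
    for name, body in (("scam", SCAM_NOTICE), ("benign", BENIGN_NOTICE)):
        print(name, "->", phishing_signals(body) or ["no indicators"])
```

Run on the quoted notice, the script finds four spellings of "email" (the article counts three; the closing "Confirm E-Mail" link adds a fourth surface form), a credential request in a reply, and urgency phrasing; the benign maintenance notice triggers nothing. None of these checks is proof on its own, which is why the function returns the list of indicators rather than a verdict.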
