Feb 28, 2011 06:24 GMT

Security researchers warn of a new wave of phishing emails targeting customers of Australian telecommunications giant Telstra and its Internet subsidiary BigPond.

The emails claim that billing information on the recipients' accounts is out of date and advise them to update it using the included link.

This is a common lure that has been used by phishers for years to steal financial and credit card details from users of many paid services.

The emails bear the Telstra or BigPond logos and claim to come from the company's billing department or security advisor.

"During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information.

"Please update and verify your information by clicking the link bellow," reads one of the rogue messages.

To add a sense of urgency, the phishers also claim that if the information is not updated within 48 hours, the customer will lose the ability to access their account.

Another email speaks of a failure to process the most recent payment and threatens service interruption. It reads:

"We were unable to process your most recent payment. Please verify that your billing information is correct to avoid interruption of your BigPond services."

The links included in both messages take users to spoofed Telstra pages which contain forms for inputting account, personal and financial information.

The Sophos security researchers point out that during the last few years the phishing landscape has changed significantly and the targets have diversified.

They note that in 2007 around 95% of phishing attacks targeted financial companies and services, while in 2010 the percentage was just under 38%.

That's because phishers have found ways to exploit other business types, such as online payment services, Internet auctions, government programs, online gaming, social networking or Internet services. ISPs were targeted in 1.2% of phishing attacks last year.