14 DAY TRIAL // Australia’s largest telecoms company, Telstra, recently suffered a data breach which may have left its Bigpond customers exposed. Cybercriminals who want to profit from the unfortunate situation have started sending phishing emails to customers, advising them to update their billing information.
As in many similar cases, whenever a major event occurs, hackers will launch malicious campaigns that target the individuals and companies involved. Many consumers may be aware of the security breach, which makes them easy targets for anything that seems to be coming from Telstra.
Baring the subject “ADSL Service Cancellation Notice” and coming from a spoofed address, the email alerts Telstra Bigpond clients that their services could be suspended if they don’t update their billing information.
The phishing message provided by Sophos reads:
Dear BigPond User, Telstra BigPond is sending you this e-mail to inform you that our service to you could be suspended. This might be due to either of the following reasons:
1. You have changed your billing address. 2. You have Submitted incorrect information during bill payment process. 3. Your credit/debit card has expired. 4. You didn’t update your bigpond profile.
According to above, and to ensure that your service is not interrupted, we request you to confirm and update your billing information now.
The link contained at the bottom of the message points to a cleverly set up page on a compromised blog that steals all the credit card information required by a crook to perform illegal transactions.
Users are advised to take note that companies will never send emails that require credit card information. Telstra may have fallen victim to a hacking operation, but because they are aware of such phishing expeditions, they would never require sensitive data.
Spelling errors, the suspicious links and threats, in most cases indicate the presence of a malicious operation, which is why consumers are always recommended to carefully analyze an email before rushing to do what it asks.