The latest scam detected by email security vendor MailGuard involves a "very convincing" forgery of a Telstra email bill notification.
According to MailGuard, the campaign is "one of the most sophisticated phishing attacks" the company has seen recently.
While the scam email isn't an exact replica of a Telstra email bill, the overall style is very close.
The first indications that this is a scam are that the subject line does not contain the recipient's Telstra account number, and the salutation is a generic "Dear customer" rather than "Dear <name>". As a general rule, if an organisation knows your name, you should expect to be addressed by name.
Instead of showing summary information about the bill like a genuine Telstra bill notification, the scam email asserts that "Our billing system was unable to process your last payment" and asks the recipient to click through to their Telstra account and pay online.
Of course, the link goes to a phishing site rather than the real Telstra site. The scammers have tried to mask this by using a URL that starts with "www.my-telstra-com-au" - the real site uses the domain "www.my.telstra.com.au".
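A mail filter can catch the hyphen-for-dot hostname trick described above. The following is an added example, not code from MailGuard or Telstra: it flags hosts that contain a trusted domain's labels without actually sitting under that domain. The trusted list, the `.example.net` suffix and the URL paths are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted for Telstra links.
TRUSTED_DOMAINS = ("telstra.com.au",)

# Constructed sample links; only the "www.my-telstra-com-au" prefix and the
# genuine "www.my.telstra.com.au" host come from the article.
SAMPLES = [
    "https://www.my.telstra.com.au/myaccount",
    "http://www.my-telstra-com-au.example.net/login",
    "https://telstra.com.au.example.net/",
    "https://nottelstra.com.au/",
]


def hostname_of(url):
    """Lower-cased hostname without port, userinfo or trailing dot."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.rstrip(".").lower()


def is_under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unrelated' for a link."""
    host = hostname_of(url)
    if any(is_under(host, d) for d in trusted):
        return "trusted"
    # Treat hyphens as dots, then look for a trusted domain appearing as a
    # run of whole labels anywhere in the name.
    labels = host.replace("-", ".").split(".")
    for d in trusted:
        want = d.split(".")
        for i in range(len(labels) - len(want) + 1):
            if labels[i:i + len(want)] == want:
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```
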
The phishing site attempts to collect the victim's Telstra account credentials, and then their credit card details - including the credit limit on that account, which is used by some banks as a "secret question" to verify that the person making an online transaction is the account holder. You should only ever enter that information if you are absolutely sure you're on a page operated by your own bank.
Other information requested includes the billing address (knowing that makes it easier for scammers to charge orders to a victim's card while having the goods delivered to the address of their choice) and three pieces of information that make it easy to pose as the victim: date of birth, driver's licence number, and mother's maiden name.
As MailGuard pointed out, "In our busy lives, we are often hasty in reacting to emails and criminals take advantage of that." So be on the lookout for this and other scams.