Telstra Email Scam: How It Works, Evolves, and How to Recover

The Telstra email scam has become one of the largest scams affecting Telstra customers. Since 2023, when Telstra switched to its current email system, its spam filtering has been ineffective at blocking even well-known phishing emails, and many Telstra customers have lost control of their email accounts and, with them, their wider Telstra accounts.

The Telstra phishing scam relies on social engineering: people receive an email they believe is from Telstra and, because of the short deadline the email sets, follow the instructions it gives.

How the Telstra Email Scam Started

An example of one of these emails is shown below.

The Telstra customer received this email on 6 May. With only 24 hours until the stated deadline, the customer could be tricked into clicking the link to “approve” the fake terms and conditions for fear of losing their email address.

When the Telstra customer clicks the link, they land on a website similar to the one shown below.

What Happens After You Click the Scam Link

Because the page carries Telstra branding, the customer keeps following the instructions, still afraid of losing their email address and not realising that the page is not on a Telstra website at all; the address in the browser's address bar is the one thing that would give it away.

The Telstra branding continues on the next page, where the customer enters their email address and password. Those details are stored on a system controlled by the scammer.

The page then asks for the 6-digit code Telstra sends to the customer's phone, and that code is captured by the same scammer-controlled system. The code is meant to be a security feature that keeps Telstra customers' accounts safe, but a one-time code typed into a phishing page goes straight to the scammer along with the password, so here it protects nothing.

Once the code is entered, the Telstra customer is redirected to the real Telstra website, with no way to go back and no indication that they have been scammed.

From this point, the Telstra customer has no control over what happens next or when.

The scammer has a program that uses the captured details to take control of the account, after which they can use it at will. In most cases this happens about a week after the customer was scammed.

The scammer then logs into the customer's email through the Telstra website and sends emails to every address they can find in the account: people the customer has emailed or received emails from, and even addresses picked out of forwarded group emails.

The scammer sets up a look-alike address on another provider, such as Gmail or Outlook.com, that closely resembles the customer's Telstra email address, and sends emails from it to every address they found.

The email asks recipients to reply by email rather than call, since the scammer now controls the customer's email account but not their phone.

The scammer sets the reply address (the Reply-To header) on these emails so that any replies go to the look-alike address rather than the original Bigpond address. In case someone starts a fresh email to the Bigpond address instead of replying, the scammer also sets up forwarding in the Telstra email system so that everything the customer would normally receive is sent on to the fake address.

At this stage the purpose of the scam is to get other people to send gift cards, which the scammer then resells online. The story is that the cards are for the Telstra customer's “niece” and the customer is unable to get to the shops to buy them.
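As an added example (not code from the article or from Matthew McBurney's findings), the following Python script inspects a raw email for the header tricks described above: a look-alike sender on another provider, a Reply-To that diverts replies, a known contact's name on an unfamiliar address, and the “reply, don't call” request. The two sample messages, the contact list and the list of legitimate domains are constructed for this example.

```python
"""Flag the header tricks used by the look-alike emails described above.
Sample messages, KNOWN_CONTACTS and LEGIT_DOMAINS are constructed for this
example. The findings are signals, not verdicts: a Reply-To on another
domain is also common in legitimate mail (mailing lists, ticketing systems).
"""
from email import message_from_string
from email.utils import parseaddr
import re

# Domains the victim's genuine address could live on (assumption for the example).
LEGIT_DOMAINS = {"bigpond.com", "bigpond.net.au", "telstra.com"}

# Addresses the recipient already has on file for each correspondent (constructed).
KNOWN_CONTACTS = {"jane smith": "jane.smith@bigpond.com"}

# Constructed scam message: a Gmail look-alike of jane.smith@bigpond.com,
# replies diverted to a third address, and a "reply, don't call" request.
SCAM_EMAIL = """\
From: Jane Smith <jane.smith.bigpond@gmail.com>
Reply-To: jane.smith.bigpond1@outlook.com
To: friend@example.com
Subject: Quick favour

Hi, I can't get to the shops, could you buy a gift card for my niece?
Please reply to this email rather than calling me.
"""

# Constructed genuine message from the real address, for comparison.
LEGIT_EMAIL = """\
From: Jane Smith <jane.smith@bigpond.com>
To: friend@example.com
Subject: Lunch

See you Friday?
"""


def domain_of(addr):
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyse(raw):
    """Return a list of (code, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    findings = []

    # 1. Replies diverted: Reply-To lives on a different domain than From.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append(("reply_to_mismatch", f"{from_addr} -> {reply_addr}"))

    # 2. Look-alike sender: a legitimate brand name inside the local part,
    #    while the actual domain is somewhere else (e.g. gmail.com).
    local = from_addr.split("@")[0]
    if domain_of(from_addr) not in LEGIT_DOMAINS:
        for legit in LEGIT_DOMAINS:
            brand = legit.split(".")[0]  # "bigpond", "telstra"
            if brand in local:
                findings.append(("lookalike_sender",
                                 f"'{brand}' in local part, domain is {domain_of(from_addr)}"))
                break

    # 3. Known display name on a new address: the name matches a contact on
    #    file but the address is not the one we know.
    known = KNOWN_CONTACTS.get(name.strip().lower())
    if known and known != from_addr:
        findings.append(("known_contact_new_address",
                         f"{name}: expected {known}, got {from_addr}"))

    # 4. The "reply, don't call" request that keeps the victim off the phone.
    body = msg.get_payload() if not msg.is_multipart() else ""
    if re.search(r"reply to this email rather than call", body, re.I):
        findings.append(("reply_not_call", "asks for an email reply instead of a phone call"))

    return findings


if __name__ == "__main__":
    for label, raw in (("scam", SCAM_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, analyse(raw))
```

Run against the constructed scam message it reports all four signals; the genuine message produces none. The known-contact check is the strongest of the four, because a familiar name arriving from an address you have never seen is exactly what this stage of the scam produces.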

While still in control of the account, the scammer also creates app-specific passwords on the Bigpond email account. These are not invalidated when the main password is changed, so the scammer keeps access to the mailbox even after the customer resets their password.

The latest evolution of the scam sees the scammer add a passkey to the Telstra account, so that their own devices remain linked to the account as trusted sign-in methods and they can still get in after the password is changed.

While they control the account, the scammers can do whatever they like within it. With the latest evolution, they are also spending the customer's Telstra rewards points on gift cards that they sell for a profit.

Anyone who has fallen victim to the scam usually won't know until they stop receiving emails and people ring them asking if they are OK. By then the scammer has had control of the account for some time.

Telstra will “lock” the account once its systems detect the damage, but that is far from the end of the clean-up.

How to Recover from a Telstra Email Scam

  • Set a new password on the Telstra account, which can be done through the Telstra website or over the phone.
  • Remove any app-specific passwords in their Telstra Webmail; these keep working after a password change, so a password reset alone does not shut the scammer out.
  • Remove any email forwarders in their Telstra Webmail; otherwise copies of new mail keep flowing to the scammer's address.
  • Delete any passkeys linked to their Telstra account, so the scammer's devices are no longer trusted sign-in methods.
  • Check that the recovery phone number and email address on the account are still their own; a changed recovery contact would let the scammer reset the password again.
  • If the same password was used on any other account, change it there as well.

With those tasks done, the Bigpond account is once again safe.

The Telstra customer will then need to enter the new Telstra password into every device and mail program they use to send or receive email.

This article is based on findings by Matthew McBurney. For more information and updates, visit his website: www.clicksonline.com.au or follow him on Facebook

Brought to you by CyberShack.com.au
