New scam pretending to be Telstra just surfaced again.

Submitted: Friday, Sep 08, 2017 at 08:27
ThreadID: 135535 Views:3301 Replies:5 FollowUps:7
This Thread has been Archived
Just had my Email address hacked yesterday and received a link from Telstra to update my account details (read credit card). I was suspicious of the link and rang Telstra this morning to check it and yes it's a scam. Would appear that around 12 million email accounts have been hacked in Australia and the scam watch people are saying to change your email passwords. How the hell do these people get both your address and passwords when I even have trouble remembering them?
Changed my passwords for Steam and Amazon as they had already made changes to these accounts.
Be careful of these "links".
Back Expand Un-Read 0 Moderator

Reply By: William P - Friday, Sep 08, 2017 at 10:00

Friday, Sep 08, 2017 at 10:00
They don't dont have your passwords - by getting you to hit the link etc the Telstra password and card details is then available to them. If they had your password they could already access your account and get many of your details.

Yes they are a pain.

AnswerID: 613607

Reply By: Les - PK Ranger - Friday, Sep 08, 2017 at 10:46

Friday, Sep 08, 2017 at 10:46
55, Usually nothing has been hacked.

It's just a numbers game, I get these emails ALL the time, from just abut every bank, utility, govco office etc, and then some I've never heard of.
They just hope to hit on firstly those that have business with that particular company / agency, the secondly, that people aren't savvy enough to recognise a scam, phishing to be precise, the electronic form of fishing for cc info, passwords, and worse trojans.

No legit biz needs to access this info in that way, most don't even have access to your info, it's buried (hopefully deep) in their encrypted systems.

If you go through a link in a scam email to a website, and click on their links, you can inadvertently upload a trojan that allows the scammer to access keystrokes, such as banking, access number, password, etc.
They can then fleece the account.
Also opening attachments unknown on an email can do the same thing.

They are usually easily spotted.

The email address sent from has a weird domain and / or extension, eg. one I got this morning from ANZ (who I don't bank with), was . . . block at movingtoaustralia dot anz dot com . . . address 'munged' to no enable it.
They register that dodgy domain with anz in it to look legitimate.

In the email, if you hover over links, even links spelled correctly, they will be totally different web address, one designed to look like ANZ page almost perfectly, but of course they have set this up.

For example, the ANZ email had a line . . .
You will need to Log on and unlock your service.
Log on was a linked text, but hovering over it was a very long sham website address to a UK builders website address, likely hijacked for the purpose.

They are very smart, but also very dumb these scammers, but get enough hits from susceptible people to steal or scam millions.
AnswerID: 613611

Reply By: RMD - Friday, Sep 08, 2017 at 11:39

Friday, Sep 08, 2017 at 11:39
Your email address isn't hacked.
If you have dealet with almost anything on Google or have dealet withan American company in any way, they WILL HAVE onsold your address to others. Wanna buy a list of email addresses today?

Last year I went on a cruise wih the Princess line. BAAAAD idea. They have your email address to communicate with you and bombard you with offers after the event, but afterwards I have received hundreds of scam and spam via email.
Many of them claim I send them pictures or I blocked them on wattsapp, what ever that is,or an emotional plea, or I have won money or Walmart have a $2000 voucher. I don't deal with Walmart, ever.
All similar attempts to get you to get entangled.

Someone In the Princess line makes money out of forwarding email addresses it seems. What is better than having a captive database of suckers?
AnswerID: 613613

Follow Up By: Les - PK Ranger - Friday, Sep 08, 2017 at 12:46

Friday, Sep 08, 2017 at 12:46
Yes re mailing lists are big money spinners, why you need to read T&C when signing up for newletters etc online, many Privacy Policies outright lie of course, but a little caution is all you can do.

The other thing is NEVER click unsubscribe to non subscribed emails you receive, as replying confirms your email is legit and that is worth $ to spammers.

Oh, one more you have to watch . . . petitions online.
I once felt strongly for a charge dot org petition on something and went and signed that petition, shortly after a wave of new source spam starts, so now I don't click on anything like that either.
You can get a generic email such as gmail, yahoo, that you can ignore.
FollowupID: 884103

Follow Up By: Kilcowera Station Stay - Sunday, Sep 10, 2017 at 06:56

Sunday, Sep 10, 2017 at 06:56
So Les, how can you unsubscribe from these emails? I have clicked unsubscribe many times on different ones. Always had it in the back of my mind that maybe it was a bad thing to do. I also report stupid emails to ACMA. I don't think that they ever do anything about it though. Cheers Toni
FollowupID: 884151

Follow Up By: Les - PK Ranger - Sunday, Sep 10, 2017 at 09:55

Sunday, Sep 10, 2017 at 09:55
Hi Toni, in general you don't unsubscribe, unless you recall subscribing in the past.
In the latter case unsubscribe works great usually, they seem to respect your wishes.

I wouldn't click on others obviously uninvited.

Like one this morning from a financial services mob . . .
"You have used our services at Financialservicesonline (domain ext deleted) before", which I haven't.

I will simply use the junk mail filter in my mail reader (Outlook) and mark as junk to be blocked.
For this I right mouse click the header, go down to Junk, and click Block Sender.

It goes to spam folder and in future other emails from that domain will be sent there too.

You have to be careful if you get one from Telstra for example and the domain is a legit one they send bills from for example, the scammers are doing this to trick you into thinking legit, and clicking links in the body of the email.
If the links in the email are false after hovering them to reveal link address, I just delete these so not to block real Telstra domain mail in future.

I check spam with a quick scan every few days to check if anything legally t has gone there (happens rarely) then delete them before too many to look through.

This particular mail is spam vs scam, hovering mouse cursor over the links they are all legit, but still don't click them because there is usually an identifier in the code and it will tell them what email address it came from, so your address is then confirmed and valuable to sell their email list to.

Most mail readers have a spam tool, or maybe you can add one from their site as an extension.

Hope that helps.
FollowupID: 884156

Follow Up By: Kilcowera Station Stay - Sunday, Sep 10, 2017 at 13:19

Sunday, Sep 10, 2017 at 13:19
Thanks Les, that will be handy for lots of people. I'm using a Mac these days and still trying to learn stuff on it. Can't make a signature ( well I did make one but it has gone awol), can't get a read receipt, the spam and blocking senders is weird too. One day it will rain for a week and I will have nothing else to do except play around on the computer and then I might get somewhere with it. Cheers Toni
FollowupID: 884161

Follow Up By: Les - PK Ranger - Sunday, Sep 10, 2017 at 14:26

Sunday, Sep 10, 2017 at 14:26
No probs Toni, I don't know mac at all, but maybe google searches and youtube could be good to check for tutorials, I bet there are plenty out there.
FollowupID: 884162

Reply By: Old 55 - Friday, Sep 08, 2017 at 16:41

Friday, Sep 08, 2017 at 16:41
Thanks for the replies guys yes I understand about links etc and I am very careful clicking on anything but sites known to me. They did attempt to get into my account but Telstra blocked it with a new code required to verify the account change sent to me. They are keen and someone did hack my Amazon account two days ago changing my email and login details. Amazon deactivated the account when I contacted them and reset all access to it. I am not that savvy with some of this stuff and feel quite vulnerable at times but hopefully can keep them out of my bank accounts.
AnswerID: 613618

Follow Up By: Dean K3 - Friday, Sep 08, 2017 at 18:18

Friday, Sep 08, 2017 at 18:18
Hackers or scammers (term used loosely and interchangeable) use a algorithm to randomly send out emails or dial number phone numbers.

Then when somebody answers or opens up the attachment they know its a active account, so bombard it with more crap, reporting emails as phishing doesn't appear to work either I have setup rules for automatic detection and delete for many dodgy emails.

I had the ATO scammers ringing my landline at least 6 times within a 1 hour time period usually around 4-7pm period when your trying to cook tea etc, I just left it to go straight to the answer machine.

Phone now unplugged from wall peace n quiet - and oddly enough WAPOL haven't come to my place with a warrant for my arrest and intend to keep it that way.
FollowupID: 884115

Reply By: Allan B (Sunshine Coast) - Monday, Sep 11, 2017 at 21:40

Monday, Sep 11, 2017 at 21:40
Having your email address onsold and then receiving spam emails is bad enough but there is also another problem..... having to give your email address to someone simply to access their website or to someone that you deal with only once.

A solution that works for me is to create a new mailbox within your email account but with a quite different name that has no obvious link to you. Use this sending address for those casual communications, then when it has been "corrupted" simly close that mailbox and open a new one on another name.

Of course you retain your original address for your friends and hope that none of them onsell it. Lol

It still does not solve the problem if the address you provide to your permanent ongoing contacts such as bank get onsold but it does cut down a lot of scam and spam emails.

And of course it does not fully help Toni from Kalcowera where she has to maintain a commercial email address.

My Profile  My Blog  My Position  Send Message

AnswerID: 613705

Follow Up By: Les - PK Ranger - Monday, Sep 11, 2017 at 21:49

Monday, Sep 11, 2017 at 21:49
Yes, spambots that scan websites for email addresses are pretty clever.
Even not having the email link active they pick it up and put on the list.
Not a good thing for biz to do, as it makes people copy text only email address and paste to email programme.
Why a lot of biz use form submissions for contact, then follow up form their real email.

Computers, internet, emailing, online shopping, all great but you have to be on your toes to not get snowed under or have your info / equipment compromised by the unscrupulous.
FollowupID: 884207

Sponsored Links

Popular Products (9)