Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 147 - February 2013 (1st Edition) - Page 18

Bogus Telstra 'Email Bill' Carries Malware

Issue 147 Start Menu

Previous Article            Next Article

Outline
Email purporting to be a bill notification from Australian telecommunications company Telstra urges recipients to open an attached file to deal with an overdue account.



Brief Analysis
Although it closely mirrors a genuine Telstra bill notification email, the message is not from Telstra. The attached file contains malware. If you receive one of these messages do not open any attachments or click on any links that it may contain.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:






Last updated: January 17, 2013
First published: January 17, 2013
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example

For your account number:
This bill number:

_
Dear,
i
Please find a PDF file of your latest bill attached. It’s due for payment by 13 Jan 13._

We’ve noticed you have an overdue amount which should be paid immediately. Please check this latest bill for the details and contact us if you have any questions.

Looking for an easier way to pay?i
For true convenience and the ability to avoid fees by paying directly from your bank account, why not set up Direct Debit Automatic payments? That way, you’ll know the right amount will get charged against your cheque or savings account on time, so you don’t have to worry about remembering each due date. Plus, we'll send your bill at least two weeks before payment is due so you'll still have time to review each bill and ask any questions. You can learn more about our Direct Debit options here.

Keep on top of your account.
As well as receiving an Email Bill, you can also view and manage your bill online using My Account. It’s a convenient way to keep on top of your account activity, with access from your PC when it suits you.
_
With My Account, you can:
•imanage your Email Bill settings including changing to a detailed or summary bill
•iview, download and pay your bills any time
•imonitor your call costs between bills
•ikeep track of any mobile data usage.
_
If you haven’t registered yet, go to telstra.com/myaccount and use the following information to register:
_
Thanks again for choosing Telstra. If you have any questions or would like to know more, you can call us on 13.22.00 or contact us here
_
See you online soon,

Gerd Schenkel
Executive Director, Telstra Digital

Telstra Email Bill Malware




Detailed Analysis
A Genuine Telstra Email Bill
A Genuine Telstra Email Bill Notification

This message, which purports to be from Australian telecommunications giant Telstra, masquerades as a bill notification message and informs recipients that they have an overdue payment that must be seen to. The message claims that a PDF of the bill is available via an attached file. The message comes complete with the Telstra logo and colour scheme and even includes seemingly official promotional material.

However, the email is not from Telstra and the attached file contains not a PDF bill but a .zip file that harbours malware. This is a quite sophisticated malware campaign. As the screenshot to the right reveals, the message very closely resembles a genuine Telstra email bill notification.

Customers who opt to receive bills from the company via email will be sent notification emails that do indeed have an attached PDF containing the bill. Thus, even more astute Internet users might be tricked into opening the attachment if they are expecting a genuine Telstra bill notification.

Opening the attachment .zip file on these scam emails reveals a hidden .exe file that, if clicked, can install malware on the recipient's computer. The malicious payload attached to these bogus emails may vary. However, the example I tested contained a copy of the Troj/Invo-Zip trojan, which reportedly downloads and installs further malware components.

The lesson here is to always be vigilant and examine emails closely before opening any attachments or links that they may contain. These bogus emails do not include the full name of the recipient as genuine Telstra notifications do. Nor do they contain genuine customer account numbers. So, if the Telstra bill notification message does not address you by name and does not include your real account number ( cross-reference with a previous bill), attachments should not be opened.

Telstra has warned customers about this malware campaign via a post on the Telstra News Blog.


Bookmark and Share

References
Telstra bill scam hits customers
Sophos - Troj/Invo-Zip
Hoax warning: fake Telstra PDF email bills

Previous Article            Next Article

Issue 147 Start Menu

Pages in this issue:
  1. Does Rubbing Vicks VapourRub on Your Feet Relieve Coughing?
  2. FedEx Incorrect Delivery Address Malware Email
  3. Mickey Rourke Did NOT Die in A Snowboard Accident
  4. Facebook 'Pirates' Fraud Warning
  5. Spurious First Aid Advice - Flour For Treatment of Burns
  6. Kate Curry Missing Child Alert - Kate Has Now Been Found
  7. Circulating Post Recommends Wasp Spray As A Substitute for Pepper Spray
  8. Love Desire Facebook Group 'Virus' Warning
  9. Coconut Crab Photographs
  10. St.George Bank Phishing Scam Emails
  11. Facebook Trialling Option to Pay to Directly Inbox Non-Friends
  12. Sylvester Stallone is NOT Dead
  13. Shared Photo Request To Identify Cat Killers
  14. Who Will Be Your Valentine Virus Warning
  15. Hoax - Facebook Shutting Down on May (or March) 15, 2013
  16. Lead in Lipstick Alert - Cancer Causing Lipstick Hoax
  17. Blackberry 'Broadcast or Update Cancelled' Hoax
  18. Bogus Telstra 'Email Bill' Carries Malware
  19. Google Street View and the Donkey
  20. Interesting Old Human Formation Pictures