Last updated: January 17, 2013
First published: January 17, 2013
Article written by Brett M. Christensen
For your account number:
This bill number:
Please find a PDF file of your latest bill attached. It’s due for payment by 13 Jan 13.
We’ve noticed you have an overdue amount which should be paid immediately. Please check this latest bill for the details and contact us if you have any questions.
Looking for an easier way to pay?
For true convenience and the ability to avoid fees by paying directly from your bank account, why not set up Direct Debit Automatic payments? That way, you’ll know the right amount will get charged against your cheque or savings account on time, so you don’t have to worry about remembering each due date. Plus, we'll send your bill at least two weeks before payment is due so you'll still have time to review each bill and ask any questions. You can learn more about our Direct Debit options here.
Keep on top of your account.
As well as receiving an Email Bill, you can also view and manage your bill online using My Account. It’s a convenient way to keep on top of your account activity, with access from your PC when it suits you.
With My Account, you can:
• manage your Email Bill settings including changing to a detailed or summary bill
• view, download and pay your bills any time
• monitor your call costs between bills
• keep track of any mobile data usage.
If you haven’t registered yet, go to telstra.com/myaccount and use the following information to register:
Thanks again for choosing Telstra. If you have any questions or would like to know more, you can call us on 13.22.00 or contact us here
See you online soon,
Executive Director, Telstra Digital
A Genuine Telstra Email Bill Notification
This message, which purports to be from Australian telecommunications giant Telstra, masquerades as a bill notification message and informs recipients that they have an overdue payment that must be seen to. The message claims that a PDF of the bill is available via an attached file. The message comes complete with the Telstra logo and colour scheme and even includes seemingly official promotional material.
However, the email is not from Telstra and the attached file contains not a PDF bill but a .zip file that harbours malware. This is a quite sophisticated malware campaign. As the screenshot to the right reveals, the message very closely resembles a genuine Telstra email bill notification.
Customers who opt to receive bills from the company via email will be sent notification emails that do indeed have an attached PDF containing the bill. Thus, even more astute Internet users might be tricked into opening the attachment if they are expecting a genuine Telstra bill notification.
Opening the attachment .zip file on these scam emails reveals a hidden .exe file that, if clicked, can install malware on the recipient's computer. The malicious payload attached to these bogus emails may vary. However, the example I tested contained a copy of the Troj/Invo-Zip trojan, which reportedly downloads and installs further malware components.
The lesson here is to always be vigilant and examine emails closely before opening any attachments or links that they may contain. These bogus emails do not include the full name of the recipient as genuine Telstra notifications do. Nor do they contain genuine customer account numbers. So, if the Telstra bill notification message does not address you by name and does not include your real account number (cross-reference with a previous bill), attachments should not be opened.
Telstra has warned customers about this malware campaign via a post on the Telstra News Blog.