Telstra BigPond 'Re-validate Account' Phishing Email
OutlineEmail purporting to be from Australian telecommunications company, Telstra, claims that the recipient's email account has exceeded its storage limit and he or she must therefore re-validate the account by clicking a link.
© Depositphotos.com/ weerapa
Brief AnalysisThe email is a phishing scam designed to trick Telstra BigPond customers into giving their account login details to criminals. Armed with the stolen data, the criminals can hijack the compromised BigPond accounts and use them in further scam and spam campaigns and to conduct other fraudulent activities.
Scroll down to read a detailed analysis with references.
BigPond Email Team
Dear BigPond User,
This message is from Telstra |BigPond| email admin department and we are sending it to all our customers because we have recently upgraded our email systems to improve functionality/performance and quality service delivery.
We have noticed that your e-mail account has exceeded its storage limit which is 20 GB as set by your account administrator, you are currently running on 20.9 GB, you may not be able to send or receive new e-mails until you re-validate your account! . To re-validate your e-mail account, please click on the link below. All fields are required;
Using our BigPond email services means choosing the leading Internet and Data Communication Network Service Provider with the best customer service available. As an Internet and IP phone service provider, we offers low-cost solutions for your high speed Internet and long distance needs, whether for your ! business or your home, BigPond is Internet you can trust.
Telstra E-Mail Team
© BigPond Webmail UnLimited 2014
According to this email, which was supposedly sent by the Telstra Email Team, the recipient's BigPond email service has exceeded its storage limit. The message further claims that the Telstra BigPond 'admin department' has recently upgraded the company's email systems to improve service.
Therefore, claims the email, the user must click a link in the message to re-validate his or her account and avoid problems with sending and receiving messages.
However, the email is not from BigPond, or parent company Telstra. In fact, the message is a phishing scam designed to steal account login details and other information from BigPond customers.
Those who believe the lies in the email and click the link as instructed are taken to a webpage that asks them to provide their account login details:
The scam page is a quite crude attempt and does not look like a genuine BigPond webpage. And, it is hosted by a service that offers free websites to users.
After they have collected the information submitted on the fake BigPond page, the scammers can then use the data to gain access to the compromised accounts. Once in, the criminals can use the accounts to perpetrate further scam emails, send out malware messages and launch spam campaigns, all in the names of their victims. They may also gather more personal information from within the hijacked accounts and commit further fraudulent activities.
Like other major telecommunications companies around the world, Telstra is regularly targeted by scammers. Be very wary of any email that claims that you must click a link to login to your Telstra or BigPond account to rectify a billing or account problem, perform an upgrade, or avoid an account suspension. Telstra or BigPond will not send you unsolicited emails asking for your login details. Telstra has published information about phishing scams and how to report them on its website.
Last updated: March 19, 2014
First published: March 19, 2014
Written by Brett M. Christensen