Debunking hoaxes and exposing scams since 2003!

Jump To: Example    Detailed Analysis   Comments   References

Telstra 'Business Broadband Cancellation' Malware Email

Jump To: Example    Detailed Analysis   Comments   References


'Order Acknowledgement' email purporting to be from Australian telecommunications giant Telstra claims that your request to cancel business broadband has been sent for processing. The email claims that you can view a copy of the cancellation order in an attached file.

Telstra Broadband

Brief Analysis

The email is not from Telstra and the claim that a broadband cancellation order is being processed is untrue. The email is designed to trick you into installing malware contained in the attached file.



Bookmark and Share

related Links

Related Links

Identity theft is one of the fastest growing crimes in the world. Learn how to stay safe online with Hoax-Slayer's comprehensive eBook:


Subject: Telstra Business Broadband Cancellation Order Acknowledgement
NOTE: This email is automatically generated for notification purposes only and should not be replied to
Thanks for your order. Your request for a Cancellation Order has been sent to the Business Broadband Provisioning team to be processed.
Here’s a copy of your order form.
If you have a query about your order, please do not reply to this automated notification.
Your Telstra Reference Number (TRN) 5827653248.
Thanks again for choosing Telstra to support your business.
Best regards,
Telstra Business Customer Care

Detailed Analysis

'Telstra' Email Claims Your Broadband Will be Cancelled

According to this email, which claims to be from large Australian telecommunications company Telstra, your request to cancel your business broadband has been sent to the 'Business Broadband Provisioning team' for processing.

The message claims that you can review the Cancellation Order request by opening an attached .zip file.

Email is Not From Telstra - Attachment Contains Malware

However, the email is not from Telstra and the attachment does not contain a cancellation order as claimed.

Opening the attached .zip file reveals another file with the file extension .pif. The zip file is called ' The file inside is called 'PDF_copy_of_your_order_form.pdf.pif'.

If you click the .pif file, malware can be installed on your computer. Typically, such malware can collect information such as passwords from the infected computer and download further malware.

This malware campaign uses simple social engineering tricks to achieve its aims. It tries to panic recipients into opening the attachment and installing the malware in the mistaken belief that their broadband account is about to be cancelled.

And, it tries to trick recipients into thinking that the attachment contains a harmless .pdf. Both the .zip and the .pif file contain 'pdf' in the file name. And the files have a double extension.

If file extensions are hidden, as they are by default on Windows computers, the file names will appear as PDF's - 'PDF_copy_of_your_order_form.pdf' - and this may fool some recipients into proceeding without due caution.

It is a good idea to configure your computer to show file extensions.

If you receive one of these messages, do not open any attachments or click any links that it contains.

Note also that very similar malware campaigns may claim to be from other service providers in different parts of the world.

Telstra Broadband


Last updated: January 28, 2015
First published: January 28, 2015
By Brett M. Christensen
About Hoax-Slayer

How to show or hide file extensions in Windows 7 and 8 (and Vista)
Vodafone 'Bill a Bit More Than Usual' Malware Emails

More stories!

'Internet Capacity Warning' Phishing Scam
According to this email, which claims to be from the 'Support Department' at 'Information Technology Services', your internet capacity is 70% full and you therefore need to contact support to avoid problems.
Published: July 6, 2015

Kroger 'Free Coupons' Survey Scam
Message being distributed across Facebook claims that users can receive free coupons from American retailer Kroger just by sharing a message and visiting a third party website to claim their prize.
Published: June 16, 2015

Pointless Facebook Warning - Hackers Posting Insulting Messages or Sexual Content In Your Name
'Hacker' alert messages circulating on Facebook claim that, without your knowledge, hackers are posting insulting or sexual messages that appear to come from you onto your Facebook Timeline.
Published: June 3, 2015