Telstra 'Business Broadband Cancellation' Malware Email
An 'Order Acknowledgement' email purporting to be from Australian telecommunications giant Telstra claims that your request to cancel business broadband has been sent for processing. The email claims that you can view a copy of the cancellation order in an attached file.
The email is not from Telstra and the claim that a broadband cancellation order is being processed is untrue. The email is designed to trick you into installing malware contained in the attached file.
Subject: Telstra Business Broadband Cancellation Order Acknowledgement
NOTE: This email is automatically generated for notification purposes only and should not be replied to
Thanks for your order. Your request for a Cancellation Order has been sent to the Business Broadband Provisioning team to be processed.
Here’s a copy of your order form.
If you have a query about your order, please do not reply to this automated notification.
Your Telstra Reference Number (TRN) 5827653248.
Thanks again for choosing Telstra to support your business.
Telstra Business Customer Care
'Telstra' Email Claims Your Broadband Will be Cancelled
According to this email, which claims to be from large Australian telecommunications company Telstra, your request to cancel your business broadband has been sent to the 'Business Broadband Provisioning team' for processing.
The message claims that you can review the Cancellation Order request by opening an attached .zip file.
Email is Not From Telstra - Attachment Contains Malware
However, the email is not from Telstra and the attachment does not contain a cancellation order as claimed.
Opening the attached .zip file reveals another file with the file extension .pif. The zip file is called 'PDF_copy_of_your_order_form.pdf.zip'. The file inside is called 'PDF_copy_of_your_order_form.pdf.pif'.
If you click the .pif file, malware can be installed on your computer. Typically, such malware can collect information such as passwords from the infected computer and download further malware.
This malware campaign uses simple social engineering tricks to achieve its aims. It tries to panic recipients into opening the attachment and installing the malware in the mistaken belief that their broadband account is about to be cancelled.
It also tries to trick recipients into thinking that the attachment contains a harmless .pdf. Both the .zip and the .pif file contain 'pdf' in the file name, and both files have a double extension.
If file extensions are hidden, as they are by default on Windows computers, the file names will appear as PDFs - 'PDF_copy_of_your_order_form.pdf' - and this may fool some recipients into proceeding without due caution.
It is a good idea to configure your computer to show file extensions.
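The double-extension pattern described above can also be checked for at the mail gateway or on the help desk. The following is an added example, not code from Hoax-Slayer or Telstra: it lists the members of a .zip attachment without extracting them and flags names where an executable extension follows a document-style one. The extension lists, function names and the sample archive (harmless placeholder bytes) are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed, non-exhaustive lists; tune them for your own mail gateway.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def _suffixes(name):
    # Normalise separators and padding ("a.pdf    .scr") before comparing.
    base = PurePosixPath(name.replace("\\", "/")).name
    return [s.strip().lower() for s in PurePosixPath(base).suffixes]

def is_double_extension(name):
    """True when an executable extension follows a document-style decoy extension."""
    s = _suffixes(name)
    return len(s) >= 2 and s[-1] in EXECUTABLE_EXTS and s[-2] in DECOY_EXTS

def hidden_extension_view(name):
    """File name as listed when the final extension is hidden."""
    return PurePosixPath(name.replace("\\", "/")).stem

def scan_zip_attachment(attachment_name, data):
    """Inspect a .zip attachment (bytes) without extracting or running anything."""
    s = _suffixes(attachment_name)
    report = {
        "archive_decoy_name": len(s) >= 2 and s[-1] == ".zip" and s[-2] in DECOY_EXTS,
        "unreadable": False,
        "suspicious_members": [],
    }
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir() and is_double_extension(info.filename):
                    report["suspicious_members"].append(
                        (info.filename, hidden_extension_view(info.filename)))
    except zipfile.BadZipFile:
        report["unreadable"] = True  # treat as suspicious rather than as clean
    return report

def build_sample_zip():
    """Constructed sample: placeholder bytes under the file name from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("PDF_copy_of_your_order_form.pdf.pif", b"placeholder, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_zip_attachment("PDF_copy_of_your_order_form.pdf.zip", build_sample_zip()))
```

Each flagged member is reported together with the name a recipient would see when the final extension is hidden, which is the view the campaign relies on.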
If you receive one of these messages, do not open any attachments or click any links that it contains.
Note also that very similar malware campaigns may claim to be from other service providers in different parts of the world.
Last updated: January 28, 2015
First published: January 28, 2015
By Brett M. Christensen