The Australian Communications and Media Authority (ACMA) has posted a warning on its Facebook page that a bogus email, which looks disturbingly legitimate, has been doing the rounds.
ACMA’s statement reads:
“Emails claiming to be from Optus are circulating. They want your credit card information for what is claimed to be an unpaid bill.
“The ACMA has been receiving reports about emails with the subject line ‘We are unable to process your last payment’.
“The fake emails are sophisticated and use a web address that looks like the real Optus website. The email contains a link to a fake ‘pay your bill’ page, which then asks for your credit card details.
“The fake email and payment form are cunningly crafted to trick people. It’s important you check the legitimacy of email links to protect your personal information — use contact details you find through a legitimate source and not those contained in the suspicious message.
“If you receive this scam email, delete it immediately.
“For more info about protecting yourself, visit Stay Smart Online.”
The message had been shared 2,500 times when My Business viewed it.
Telco acts to shut down scam
An Optus spokesperson said the company was notified that some of its customers received the bogus email, which featured requests to confirm payment details, last weekend.
“We reacted quickly to block the website linked to the email, which will ensure that Optus mobile and internet customers who mistakenly click the link won’t be able to access the site. We’ve also reported the site and requested it to be taken down,” the spokesperson said.
“Optus does not send unsolicited emails to customers asking for sensitive or personal information, and we encourage customers who suspect they have received a scam email or SMS claiming to be from Optus to contact us.”
ACMA’s alert came just a day after the telco’s director of SMB direct and cyber sales revealed that its software is identifying and blocking as many as 10 billion malicious emails every day, and that such attacks are “becoming more frequent and more specific”.
Optus not the only target for impostors
In April this year, the Australian Competition and Consumer Commission warned that scammers are impersonating telecommunications companies, including Optus and Telstra, as well as energy companies, with fake bills.
“The Optus scam that is circulating is another in a long string of phishing emails that use our trust in well-known brands to bypass our natural suspicion. The scammers are again using a brandjacking approach with social engineering in the form of fear of a service being terminated,” said Garrett O’Hara of email management firm Mimecast.
“This can be successful to get people to click their link and provide credit card information. This is very similar to a phishing campaign last month, which targeted Telstra customers in much the same way.”
Mr O’Hara said that any email related to non-payment or service disruption should be viewed with skepticism.
“Ignore any links within the email and go directly to the company’s website,” he suggested.
“Log into [your] account as normal and from there [you] can access [your] account. Any issues would be highlighted if they existed without the risk of malware or theft of credit card information.”