In the last few days, SophosLabs witnessed a new wave of phishing spam campaigns targeting Telstra, the largest phone and internet service provider in Australia. Telstra supports more than 18 million customers for both fixed line and mobile phones.
This makes it a worthy target for phishing attacks. This wave of scams includes two kinds of phishing messages: one uses the Telstra brand, while the other takes advantage of BigPond, which is a subsidiary of Telstra.
These two different phishing messages contain a link redirecting the recipient to similar fraudulent Telstra login pages. The pages attempt to steal customers' confidential information such as username, password, address and credit card details.
Like most phishing pages, they look very believable to the average user. Considering that companies are moving every service they can to the internet to reduce labour costs, this is to be expected, right?
During the last few years the targets for phishing attacks have changed. In 2007, financial service companies were the most targeted industry, at about 95% of all attacks.
In 2010, phishes targetted financial service companies dropped to just under 38%. Phishers not only target financial service providers, but payments services, auction websites, ISPs, governments, social networks and more.
Since all of these industry sectors request and store sensitive information, it makes them a target for scammers attempting to victimize their customers.
In the future I am sure we will see even more diversified phishing attempts. These charts are courtesy of the Anti-Phishing Working Group.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
I use Spoofstick, it shows what web site you are on each time you change sites. One of the best free tools out there. http://www.corestreet.com/spoofstick
I tried to go to the link you suggested, Rosie, but was taken to an error (Page Not Found) so I ended up doing a key search and came up with the site spoofstick.com.
We got the same message several times over the Christmas /New Year period at our local RSL Sub branch- you've got to give them points for their tenacity!
The ANZ also bobbed up a couple of times.