A new wave of phishing scams targets Telstra

In the last few days, SophosLabs witnessed a new wave of phishing spam campaigns targeting Telstra, the largest phone and internet service provider in Australia. Telstra supports more than 18 million customers for both fixed line and mobile phones.

Telstra phishing email

This makes it a worthy target for phishing attacks. This wave of scams includes two kinds of phishing messages: one uses the Telstra brand, while the other takes advantage of BigPond, which is a subsidiary of Telstra.

BigPond phishing email

Telstra phishing website

These two different phishing messages contain a link redirecting the recipient to similar fraudulent Telstra login pages. The pages attempt to steal customers’ confidential information such as username, password, address and credit card details.

Like most phishing pages, they look very believable to the average user. Considering that companies are moving every service they can to the internet to reduce labour costs, this is to be expected, right?

Fake Telstra login page

During the last few years the targets for phishing attacks have changed. In 2007, financial service companies were the most targeted industry, at about 95% of all attacks.

In 2010, the share of phishing attacks targeting financial service companies dropped to just under 38%. Phishers no longer target only financial service providers, but also payment services, auction websites, ISPs, governments, social networks and more.

2007 and 2010 phishing targets from Anti-Phishing Working Group

Since all of these industry sectors request and store sensitive information, each of them is a target for scammers attempting to victimize their customers.

In the future I am sure we will see even more diversified phishing attempts. These charts are courtesy of the Anti-Phishing Working Group.