Welcome to Netrider ... Connecting Riders!

Interested in talking motorbikes with a terrific community of riders?
Signup (it's quick and free) to join the discussions and access the full suite of tools and information that Netrider has to offer.

** WARNING guys... Telstra Scam Alert **

Discussion in 'The Pub' at netrider.net.au started by Rogues, Jan 14, 2013.

  1. ... and I realise this is probably NOT the correct forum but.......this needs widespread viewing, not hidden in some backwater.......

    I've just received a very real looking email supposedly from Telstra with a online billing notice.

    Not paying a great deal of attention I casually accepted it and proceeded to open the attachment which is the actual bill. Luckily the .exe file that downloaded when i clicked on the attached "bill" (as per standard telstra billing email practices) zip file didn't launch so I was fine.

    Looking again at the cover page, it caught my attention because it noted that I had an overdue amount owing ... which concerned me somewhat.
    I thought that was strange, then noticed that my account number didnt look quite right....checking older bills confirmed that... and contacting Telstra I was advised that ALL Telstra bills commence with '2000...'

    needless to say I didn't click on any of the links they generously supplied to query the bill either.....

    So this note is mainly a warning to others, please pass on to your friends
    Regards, Chris
  2. Do a virus scan and a malware scan.

    A .exe appearing not to load has probably already put some kind of malware onto your machine.
  3. So what do I do about this email from the prince of Nigeria?
  4. These ones are pretty obvious. Don't open them, especially if they are zipped or rarred. And why would anyone open a .exe file?

    I'd get a virus scanner because it sounds like it didnt fail, it just accomplished its task.

    I also got this email this morning too. I get the webjet/qantas/virgin ones too.
  5. Print it, wipe your bum with it and send it to him, they love that.
  6. Do what you always do. Argue with the bastard :)
  7. I didn't get any mail from the prince, those are as old as the fake invoice from a legit company, anyone falling for it deserves to get scammed.

    It just shows the level of education in this country when people need to call Telstra to confirm to them that that this is fake. :bangshead:
  8. dont be an arse VC,... I'm just trying to alert people.... do you have Telstra online billing by purchance??
    the cover email is an exact duplicate.... the cover page email is an exact duplicate,
    your bill is attached as an opening attachment so to proceed like that is natural..... luckily my computer system picked it up and would not open it, but everything up till that point was 'as per the dozen other bills I've gotten...o_O
  9. What a stupid comment!

    Thanks for the info rogues
  10. you'd think they'd at least get the first 4 digits of the bill number correct.
  11. I agree but how many people know their Telstra/Optus/Voda account or bill number?

    Pretty safe to assume that more than one person has fallen for this. And considering that there are many older people who are loyal to Telstra (god knows why) and who don't have the most advanced computer knowledge, I'd say this is probably a fairly successful scam.
  12. Sad but true.
  13. Been around for years. If in doubt dump it. Banks and utilities will mail you if there is a real problem.
    Surprises me people still fall for this shite, specially those who have grown up with the Internet.

  14. More uneducated.

    Similar phishing email been happening for at least 10 years!!!!!

  15. VC, stop being a knob.

    This particular scam is fairly well-executed for a change and unfortunately, Telstra still persists in sending emails with attachments. I just received two of them myself and as it happens I'm expecting a Telstra bill so even after reading this I still had to check very carefully to make sure it wasn't the real deal.

    Rogues, thanks for the heads-up.
  16. Gobbs, when you expand the email header, what urls and addy's hide there?
  17. For your pleasure. Wonder if the return-path is genuine?

    Return-Path: <rephrasei35@telstra.com>
    X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on HOST.DELETED
    X-Spam-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00,HTML_MESSAGE,
    RDNS_NONE,T_TVD_FW_GRAPHIC_ID1 autolearn=no version=3.2.5
    X-Original-To: MY@EMAIL.ADDRESS
    Delivered-To: MY@EMAIL.ADDRESS
    Received: from MY.SERVER (localhost.localdomain [])
    by localhost.localdomain (Postfix) with ESMTP id 10FF4491DD1
    for <stuart@localhost>; Mon, 14 Jan 2013 13:03:05 +1100 (EST)
    Envelope-to: MY.EMAIL.ADDRESS
    Delivery-date: Sun, 13 Jan 2013 19:02:44 -0700


    Received: from ipyavo.tcif.telstra.com.au ([]) by SNT0-MC4-F23.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Mon, 14 Jan 2013 10:01:29 +0800
    Received: from unknown (HELO ipbdvi.tcif.telstra.com.au) ([])
    by ipoavi.tcif.telstra.com.au with ESMTP; Mon, 14 Jan 2013 10:01:29 +0800
    Received: from wsmsg3701.srv.dir.telstra.com ([])
    by ipcdvi.tcif.telstra.com.au with ESMTP; Mon, 14 Jan 2013 10:01:29 +0800
    Received: from localhost ( by ties-smtp.in.telstra.com.au
    ( with Microsoft SMTP Server id; Mon, 14 Jan 2013 10:01:29 +0800
    From: <telstraemailbill_noreply5@online.telstra.com>
    Reply-To: <telstraemailbill_noreply7@online.telstra.com>
    Subject: Your Telstra Email Bill - 0404569102788
    Date: Mon, 14 Jan 2013 10:01:29 +0800
    Message-Id: <UNCP2QV6O5R4JCBUQVNB5U3N3II4FCQOQM3E@WSMSG3701.srv.dir.telstra.com>
    X-Priority: 3
    MIME-Version: 1.0
    Content-Type: multipart/mixed;

  18. So far, I've received 3 of these just today. The giveaway in the ones I received was the "Dear..." followed by a blank space.

    The fact that I've been a Telstra customer for too many years and have never previously received email bills, nor arranged for such, probably raised my suspicion too...
  19. That's a pretty sophisticated phishing exercise - those return paths look real enough.
  20. Yes we have seen them flowing through our servers as well. Distributed in sending, the headers as you say robsalvv look legit but are dummied up. The significant line is:

    Received: from ipyavo.tcif.telstra.com.au ([]) by SNT0-MC4-F23.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Mon, 14 Jan 2013 10:01:29 +0800

    A credible attempt to hide the normal header parsers.