iiNet and Telstra customers are the target of an email phishing scam that aims to steal credit card details by using spoofed email addresses and claims of being unable to process payments.

How the scam works

• Victims receive emails claiming to be from iiNet or Telstra that may contain spoofed (or copied) email addresses that end in the exact same way as a legitimate email from the telco company would. For example, @iinet.net.au
• The email states the telco has been unable to process the most recent bill payment and provides a link to resolve the issue.
• The link takes victims to a fake version of the telco’s login page that is phishing for account login information and credit card details.

How to protect yourself

What to look out for: 

• Unaddressed or generically addressed emails, such as “Dear Customer”.
• Badly written emails with broken sentences, spelling mistakes, grammatical errors etc.
• Emails showing account information that doesn’t match your provider’s account details.
• Requests for your credit card, passwords, account details or personal information – usually by asking you to “click a link” and fill in a web form.
• Suspicious looking URLs, or ones that don’t directly point back to the telco provider’s website. 

If you have clicked a suspicious link from an unsolicited email:

• Do not enter any information into the web form
• Run anti-virus software on your device
• Report the scam to your telco provider
• Tell your bank if you’ve allowed scammers access to your credit card details

Contact ID Care if you have provided personal information.