We’re blocking 332 million incoming scam and unwanted emails every month

Earlier this month, the ACCC’s Scamwatch revealed that cyber scams are on the rise, with over 166,000 reports registered in the first nine months of the year.
· 29 November 2022 · 3 minute read
A man sitting in a chair looking at a smartphone

Earlier this month, the ACCC’s Scamwatch revealed that cyber scams are on the rise, with over 166,000 reports registered in the first nine months of the year.

It’s something we’ve noticed across our network too. As part of our Cleaner Pipes program, we’re detecting and blocking more email, SMS and phone call scams with improved spam and scam filters than ever. According to Scamwatch, email is the third most commonly reported mode of attack (33,287 reports) after phone (51,234) and SMS scams (50,947).


Email scams are not only annoying, many are also malicious and may potentially lead to a criminal stealing your money and personal information, accessing your Internet banking or attempting to infect your contacts with malware.

If you’ve ever dug into your email junk folder, you probably wouldn’t be surprised to know that the pure volume of unwanted emails can be enormous. But what you don’t see is the number of malicious emails blocked before they even reach you.


On average, between January and October this year, we’ve blocked around 332 million incoming scam and potentially unwanted emails to Bigpond customers – over a third (38%) of all inbound email to Bigpond accounts.


That’s the equivalent of blocking 7,600 emails every minute (based on January – October 2022 figures).

What scams does Telstra block?

Common scams we see include emails containing malware attachments, invitations to hand over your personal details to scammers, and impersonation scams designed to trick you into sharing personal or sensitive information (including banking and credit card details).

As Australians become savvier, email attacks are also becoming more convincing. Recently, more bank scams, fake toll road scams and fake job offer scams are appearing in a bid to lure new victims.

How the technology works

There are quite a few systems and checks when it comes to monitoring our email systems. But without giving away the secret sauce to any potential scammers reading, here are just a few ways we protect our customers and block email scams:

  • Reputation list filters – these are a big list of known “bad actors”, we filter all email through these lists and if a delivery is attempted from a known suspicious source, it’s blocked before ever reaching our email network.
  • Malicious attachment scanning – this is like an anti-virus software that all incoming email attachments get put through to check for potential viruses that could infect the recipient’s device. If one of these gets flagged, the email and attachment gets blocked.
  • Malicious link scanning – almost a combo of both list filtering and attachment scanning – here we check any URL links in emails to see if they direct to a known scam website.

You might be wondering what your junk email folder is for if we are blocking so many emails before they reach you. We simply don’t want to accidentally block legitimate emails. Suspected (but not confirmed) scams will be sent to your junk folder

If we are not certain an email is a scam, but suspect it could be, we will send it to your junk folder.

There are also protections in place to ensure legitimate messages still get through, so we don’t block commercial messages from banks and other large businesses, government departments, emergency alerts and Telstra applications.


If spam or a suspected scam makes it through to your main inbox, you can also help to make sure it doesn’t happen to others by marking it as spam to improve our filters.


What to look out for in a suspected scam email

The sheer volume of scam email attacks is a reminder that we all need to be vigilant when we interact with our inboxes.

If you spot a suspicious email, there are a few things you should do:

  1. Don’t reply to the email or open the links. If you accidentally click on a link before verifying it, don’t enter any information onto the website.
  2. Pay close attention to the sender’s email address and any links in emails for anything that doesn’t look legitimate. It’s important to know the address can still be faked on some occasions, so make sure you double check another way too.
  3. If you suspect an email is a phishing email and it contains information like an account number, cross check whether the details correspond with details on a previous official emailor with MyTelstra for Telstra customers.
  4. Be suspicious of unaddressed or generically addressed emails.
  5. Finally, just listen to your gut. If something looks wrong or feels wrong – like typos across the text, colours that don’t seem quite right or an unexpected request for information – double and triple check it.

Another way we keep our network safe

While we’re confident our filters will continue to protect our customers from millions of unwanted and malicious emails, they aren’t foolproof. Criminals evolve and find new ways to operate scams so we’ve all got to continue to be alert to suspicious messages.

You can learn more about how to spot and protect yourself from scams on T.com or at Scamwatch.

For customers – the good news is that there is no need for you to do anything to activate any of the protections under our Cleaner Pipes program. They’re automatically turned on across our network – and we won’t call you or send you an SMS or email asking you to click a link to access them.

Taking steps to change how we retain ID data

Last week, we announced some changes to how long we hold onto some of your data.

We have taken a hard look at what data we collect and store to minimise the threat of cyber crime.

While we will continue to scan ID documents to check your identity and protect against fraud, we are reducing the time we keep these scans from two years to six months. While we will delete the scans, current law requires us to retain the ID data associated with it for longer.

By Narelle Devine

Chief Information Security Officer, Asia Pacific

Narelle has a diverse background having worked across the military, government and corporate sectors. Narelle began her career in the Royal Australian Navy before joining the Australian Government’s Department of Human Services as Chief Information Security Officer. In June 2020 Narelle joined Telstra as the Chief Information Security Officer Asia Pacific. Narelle is responsible for the company’s cyber security operations, intelligence, risk, governance, compliance, development and engagement. Narelle holds a Bachelor of Arts in Information Systems and English, a Master of Science in Information Technology and a Master of Systems Engineering. In addition to her love of cyber operations she is passionate about workplace culture, diversity, training and recruitment and is a current member of the RSAC Advisory Board and the AISA Executive Advisory Board.