Telstra Cyber Scams
How to protect yourself from phishing, SMS, phone and other forms of hoax.
Hoax, scam and phishing messages are designed to fool you into thinking you’re communicating with Telstra. The messages attempt to trick you into providing your personal information and account or payment details.
If you feel like you’ve been caught out by one these types of scams be sure to review our tips outlined in: What to do if you’ve become a victim of cybercrime
Scam email generally come in two main types: Those that ask you to provide personal or sensitive information (phishing), and those that come with, or link to, an attachment that you are encouraged to open (malware).
Phishing scams may ask you to reply to the email and include things such as your password, or they may ask you to click a link to visit a website. That website will frequently look similar to a legitimate Telstra website (such as My Account) and potentially ask you for even more sensitive information.
Malicious software (malware) as an attachment or a downloadable link is a common way that criminals try to put a virus or other unwanted programmes on your computer. Sometimes those attachments will pretend to be a Telstra bill, and the email itself may look similar to genuine Telstra messages.
What to look out for:
- Unaddressed or generically addressed emails, such as “Dear Customer”.
- Badly written emails with broken sentences, spelling mistakes, grammatical errors and words in a foreign language.
- Suspicious looking URLs or ones that don’t directly point back to the Telstra website.
- Emails that include a zip file, an .exe or other suspicious attachment.
- Emails that display account information that doesn't match your Telstra account details. You can refer to Telstra 24x7 My Account for accurate account information.
- Requests for your credit card, passwords, account details or personal information either by replying to the email, or by asking you to ‘click a link’ and fill in a web form.
What to do next:
- Avoid opening suspicious or unsolicited emails – delete them directly from your inbox.
- If you get a suspicious email, don't reply to the email or open the links. If you accidentally click on a link which opens a website, don't enter any information onto the website.
- Avoid opening email attachments. If you've already saved or clicked on an attachment, make sure that your computer’s operating system and anti-virus software is up to date. Consider running an anti-virus scan of your computer.
- Tell us about the scam by submitting a Report Misuse of Service form and include as much detail as you can. Our Cyber Security team will investigate the report and may be in touch if they have additional questions.
- If you have provided your information to something you believe is a scam, please visit: What to do if you’ve become a victim of cybercrime
Telephone based scam callers will frequently claim to be from well-known organisations such as Telstra, the Government, or other brands or organisations you are likely to be familiar with.
These scam callers will often try to convince you of the urgent need to follow their instructions. Sometimes they will try to convince you to give them access to your computer remotely, such as by pretending to be a Telstra service representative. Often they will apply inappropriate pressure, including threats and potentially inappropriate language, as part of their scam.
What to look out for:
- Calls from people impersonating representatives from well-known organisations, such as the Government, or familiar brands and companies.
- Calls seeking financial details (such as your credit card or banking details) in order to process a refund or other “overpayment”.
- Call quality may be poor, and the caller may be difficult to understand.
- Callers which attempt to apply a lot of pressure, urging you to take immediate action to address a problem.
- Calls offering to place a number on the Do Not Call Register for a fee. This is a free service, for more information visit: https://www.donotcall.gov.au
- Callers advising that your computer has a virus or is attacking others.
- Note: We won’t call you for a service or technical matter unless you contact us first.
- To learn about what Telstra will contact you for, refer to our verification page
Example of live phone scams:
- Calls imitating the Australian Federal Police that require your assistance to help them track down criminals and partake in criminal investigations. In these calls you’re often asked to transfer money abroad using international wire transfer services.
- Calls asking for bills to be paid via pre-paid gift cards – such as iTunes and Westfield – on behalf of a credit agency representing Telstra or the ATO (Australian Taxation Office).
- Calls imitating “support desk” staff looking to access your computer by pretending to know your “CLSID”. This is a non-unique identifier that scammers try to trick you into thinking is something only a legitimate support person would know.
What to do next:
- If you're not sure that the person on the other end of the phone actually is who they say they are, hang up and call the organisation by using their official published contact details.
- If the caller is claiming to represent Telstra, do not share your personal information, credit card or online account details over the phone unless you made the call and the phone number you called came from a trusted source, such as contact details obtained from your physical bill or https://www.telstra.com.au/contact-us
- Don't respond to missed calls that come from numbers you don't recognise. Calling back may result in instant charges in excess of $20.
- Be careful of phone numbers beginning with “190”. These are charged at a premium rate and can be expensive.
- Be careful of being tricked into calling expensive international phone numbers.
- If you think something's not quite right, just hang up. If it's an SMS, delete it and don't reply.
- Report it. Submit a Report Misuse of Service form and include as much detail about the call and caller as you can remember. Our Cyber Security team will investigate the report and may be in touch if they have additional questions.
SMS or MMS scams are a popular way for criminals try to get you to click on a link that could compromise your mobile phone, trick you into making an expensive phone call, or, send a message which could cost you a significant amount of money to send.
What to look out for:
- Unexpected SMS messages asking for your personal details, advertising promotional material or asking you to click a link.
- SMS and MMS numbers that start with 19xx. These are charged at a premium rate and can be expensive. Also look out for numbers that start with an international country code other than +61, which is Australia’s country code.
- Texts promising unexpected prizes that require you to send money to claim them, and mysterious text messages that can cost you a lot of money if you reply to them.
- Texts that encourage you to click a link, which may then ask you to install a piece of software on your mobile phone or tablet. Just like computers, malicious software can put your phone and personal information at risk.
“Congratulations! You were lucky. You have been chosen among 100 thousand people. You won a new iPad from us. http://ti7.in/Jnk7Mw”
What to do next:
- Do not call telephone numbers contained in suspicious SMS message.
- Do not reply to an SMS from a number or person you can't identify – even to unsubscribe.
- Report it. Submit a Report Misuse of Service form and include as many details as possible. Our Cyber Security team will investigate the report and may be in touch if they have additional questions, or possibly to ask for a screenshot of the unwanted message.
- Think twice before giving away personal details online. Instead, contact the sender by using their publicly available contact details.
- Visit trusted websites via their URL, rather than clicking a link in an email.
- Only provide financial details on secure websites that you’re certain belong to the organisation in question. Make sure to look for the lock next to the website address, and make sure the address always starts with “https://”.
- Choose your online passwords thoughtfully. Good passwords don’t have to be difficult to remember, they just need to be secure. Longer passwords are recommended. You should never repeat passwords between online services.
- Consider using a password manager to securely manage your online credentials.
- Keep your computers, tablets, phones, and wearables updated to the latest operating system.
- Keep your applications regularly updated.
- If possible, use a separate email account for subscribing to online services.
- Use ad blockers, spam protection and other content filters to help block potentially malicious items.
- If you're a Telstra consumer postpaid mobile customer, consider activating Mobile Protect in MyAccount or 24x7 to help with unwanted calls or SMS messages
- Consider enabling call screening and protection software which may be available in your mobile phone's operating system. For land-lines, a call screening device such as the Call Guardian can also assist with preventing unwanted calls.
Cybercrime is a growing risk around the world. That means that there’s an increasing chance that you may be caught out by one of these scams, even if you’re extremely vigilant.
If you believe you have become a victim of a scam, there are a few tips we recommend to help you get things back under your control:
- Stay calm. As frustrating as it is to learn that you may be at risk, keeping focussed and calm will help you manage your response properly.
- Think carefully about what information, or access, you may have provided to criminals. Take an inventory and write down what you remember sharing or entering into the fraudulent web site.
- If you provided any banking or other financial details such as a credit card number, contact your financial institution immediately. Be sure to monitor your accounts closely in the future as well.
- If you provided any usernames or passwords, immediately change your passwords to a new and secure version.
- Consider if you should re-use the same combination of username and password with multiple online services. If you do, you’ll want to change your password at any service where that same combination may exist. For example, if you sign in to Telstra Mail with the same combination of email@example.com and password as you sign in to Facebook, be sure to change your Facebook password too.
- If you’ve shared other personally sensitive information, such as your driver’s license number, Medicare, passport or contact details (such as your phone number or address), then you may want to visit IDCare at https://www.idcare.org – they can help you formulate a response plan to address potential identity theft.
- Consider filing a report at https://www.acorn.gov.au. This will assist law enforcement become better resourced to provide assistance to victims.
For more tips, head to Cyber Safety