What Can We Learn From The Spear Phishing Exploits Against Telstra
Cybersecurity researchers have warned the public that there is a convincing phishing email pretending to be coming from Telstra, the Telco giant. The sample provided falls into the category of ‘spear phishing’, which means only those that are current customers of Telstra received it. Using clever formatting tricks, the email looks the same as a genuine Telstra email.
The spear-phishing email contains a malicious file with the goal of stealing information from the user in the background. As reported by MailGuard, a cloud-based email security consulting firm, the phishing email claiming to be coming from ‘Telstra Business Centre’ branch.
“It claims that a user from a Telstra Business Centre branch is the sender of the document, with their name used in multiple locations including the message body. The inclusion of both Telstra and DocuSign logos and branding within the email makes it harder for recipients to identify the email as a scam as it appears as a legitimate notification. In such cases, users are reminded of the importance of not accepting/clicking on documents from unknown senders, despite the organization they purport to be from. All attachments/links should only be accessed when users are certain about the credibility of their owners,” explained MailGuard’s representative.
Telstra on their end reminded their customers to visit https://www.telstra.com.au/help/contact-us/scams, their official website for reporting phishing emails and additional information on how to prevent falling for scams. Telstra also emphasized that their official communication does not contain wrong grammar, URL links to questionable websites and general-sounding email.
To avoid being a victim of this type of cybercrime, we must take into consideration some tips:
- When creating passwords, the ideal is a sequence of a minimum of eight characters that combine letters and numbers and also does not correspond to the proper name of someone close or a word that is easily guessable for a ‘hacker’.
- It is important to periodically change the password used to access Internet services, whether social networks, email or any other. In addition, it is not advisable to use the same word in all passwords, since that way the account will be more vulnerable.
- When receiving a link in the email, it is convenient to look at the exact address of the sender, regardless of the name that appears.
- It is essential in a computer connected to the Network a good equipment ‘software’ to fight against attacks. Among them, it includes a good antivirus and protection against spies that are constantly updated. To these programs, we must add a firewall and an anti-spam filter.
- Do not trust the software that some web pages offer to download. If it seems harmful, it is very likely to be harmful. Also, the attachments in the email are good drivers of malicious software.
- When using a shared computer, it is convenient not to save the password when the browser suggests it.
- Even, it would be necessary that the bank statements were checked carefully in search of some strange operation.
Julia Sowells923 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.