Telstra helps phishers PWN its customers

Summary: Following a rash of Telstra customers reporting phishing attacks, the telco has issued advice on how to discern the real Telstra from fake ones -- but the advice it gives is more likely to help phishers than its customers.

Telstra customers will continue receiving marketing e-mails, despite being targeted by phishing e-mails and fake Telstra doorknockers.

"We do communicate with clients by e-mail. That always includes the full company name and ABN (Australian Business Number). We also ask customers to log in to the Mybigpond secure Web page. We never ask customers to send confidential e-mails, we don't include links to download and only include attachments if there is a strong reason to explain why," a Telstra spokesperson said.

Well, this is pretty handy information. If you're a phisher, simply type "Telstra ABN" into Google and you're halfway to gaining a user's trust.

It's already common practice for phishers to include not just a real ABN on a phishing e-mail and spoofed Web site, but many more details designed to dupe targets. Just ask the ATO's CIO about some of the difficulties it faces in this regard.

Although Telstra says it doesn't embed links in its e-mails, it admits it sometimes sends attachments. In the event it does, Telstra says it will always explain why.

Sounds fair enough, polite even. So if the e-mail explains why an attachment is included, by Telstra's logic, the attachment will be safe.

So what happens if I -- your hypothetical bad guy -- sent you an e-mail with an attachment containing, say, a worm called Win32/PWNTelstra? Here is the explanation you should expect from me:

"Dear Customer,

Is your broadband fast enough?

We have recently upgraded our broadband network in your area but to take advantage of higher speeds (for no additional charge), all you have to do is download and install the file attached to this e-mail.

Yours faithfully,

Sol"

Telstra Corporation Limited ABN 33 051 775 556

So Telstra customers, savvy little IT users that you are, go to your inbox and open the e-mail I just sent you. Ever since I landed a wife and mortgage, my finances have been stretched and your contributions would be more than welcome.


About

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, s...
