NSW police has warned about a sophisticated e-mail scam targeting Telstra customers.
The fraudulent e-mail is what's known as a phishing attack, in which scammers prompt victims to click on a link and download malicious software onto their computer, often giving the criminal control of, or access to, the device.
A warning about the phishing attack was posted to the NSW police Facebook page on Tuesday and was first reported by cyber security company MailGuard.
The e-mail looks like a fairly legitimate bill from the telco but encourages its recipients to click on a link and download a zip file, which should be an immediate red flag. As Telstra's support page points out, hoax e-mails may "contain an unexpected zip file or other attachment."
The criminals behind this scam have even obtained a URL to make their email look more convincing, MailGuard said. But with these sorts of scams, the devil is always in the detail.
The fake Telstra email is sent from a telstraq.com address, which was registered on Sunday, November 19 in China.
If you were to just glance at the sender's address, you might not notice the "q" and think it's from a legitimate branch of Telstra's billing department.
But once you're prompted to download a file, you should always think twice and perhaps contact the company directly before doing so.
"It's a good rule of thumb to never click on email attachments that are hidden in .zip files or have .exe or .js file names," MailGuard said.
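The two tells described above, a sender domain one character off the real one and a prompt to fetch a .zip, .exe or .js file, can be checked mechanically by a mail filter. The following is an added example, not code from the article or from MailGuard; it assumes telstra.com is the domain being protected, and the sample message and its download host are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"telstra.com"}            # assumption: the legitimate domain to protect
RISKY_EXT = (".zip", ".exe", ".js")    # file types named in the article
# Constructed sample message; the download host is a placeholder.
SAMPLE = ("From: Telstra Billing <billing@telstraq.com>\n"
          "Content-Type: text/plain\n\n"
          "View your bill: http://download.example.invalid/bill.zip\n")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_dist=2):
    """Return the protected domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in PROTECTED or any(domain.endswith("." + p) for p in PROTECTED):
        return None                      # the real domain or one of its subdomains
    cand = ".".join(domain.split(".")[-2:])   # naive: last two labels only
    for p in PROTECTED:
        if 0 < edit_distance(cand, p) <= max_dist:
            return p
    return None

def triage(raw):
    msg = message_from_string(raw)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if (hit := lookalike_of(domain)):
        findings.append(f"sender domain {domain} resembles {hit}")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append(f"risky attachment {name}")
        if part.get_content_type() == "text/plain" and not name:
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                if url.split("?", 1)[0].lower().endswith(RISKY_EXT):
                    findings.append(f"link to risky file {url}")
    return findings
```

Findings are reasons to quarantine a message for review; an empty list does not mean the message is safe.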