Online scams are certainly nothing new, and neither are the methods that scammers use to try to separate you from your information, whether they’re seeking access to your bank accounts or just your personal information. Over the past two weeks, two different technology scams, both targeting Australian consumers specifically, have used techniques that are well-established parts of the scammer’s playbook. Looking at them in detail can illustrate how they work, and how you can keep yourself safe.
If you’re a customer of Telstra, you may have received an email from Telstra recently informing you that you were accidentally double billed, offering to refund the difference. Anyone who’s had any dealings with any large company has probably had a bill go askew at least once, so this sounds at least plausible. To make matters simpler, there’s even a button in the email that promises to take you direct to Telstra’s login portal to process your “refund”.
Too easy, right? That’s part of the scam, because these emails were in no way legitimate. Clicking on the button link would take you to a site that ostensibly resembled Telstra’s login page. You could log in there, and it would ask you for your credit card details to process the refund. If you did that, you could be in serious trouble, because you would have handed over not only your login for your Telstra account, but also your financial details. If you have done that recently, it would be wise to contact your financial services provider quick-smart, as the contents of your bank account could suddenly disappear otherwise.
This type of scam works from, essentially, greed. As noted, big businesses do make billing errors, and so it sounds plausible. Checking the link that such an email sends you to by hovering your mouse over it would have revealed that it went to a site called “testra.com”, which of course isn’t Telstra’s real address. There were other telltale signs in the email, however. The emails were simply addressed to “Dear Customer”. If Telstra (or any other business) was processing a refund based on your actual account, why wouldn’t they use your actual account name?
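The hover check described above can also be automated by a mail filter or a help desk triaging reported messages. The following Python code is an added example, not part of the original article; the allow-list of trusted domains, the edit-distance threshold of 2 and the sample email (including its URL paths) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the recipient genuinely does business with.
TRUSTED = ("telstra.com", "telstra.com.au", "netflix.com")

# Constructed sample email body; only the "testra.com" name comes from the article.
SAMPLE_EMAIL = (
    '<p>Dear Customer, you were accidentally double billed.</p>'
    '<a href="https://www.testra.com/example-refund">Claim your refund</a>'
    '<a href="https://www.telstra.com.au/example-help">Help</a>'
)

class LinkCollector(HTMLParser):
    """Collects the real destination (href) of every link, not its visible text."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    host = (host or "").lower().rstrip(".")
    # Exact match or a genuine subdomain of a trusted domain.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    labels = host.split(".")
    for t in TRUSTED:
        n = t.count(".") + 1                  # compare the same number of labels
        candidate = ".".join(labels[-n:])
        if 0 < edit_distance(candidate, t) <= 2:
            return "lookalike of " + t        # e.g. one letter dropped or swapped
    return "unknown"                          # not trusted; verify by another channel

def check_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(url, classify_host(urlsplit(url).hostname)) for url in collector.links]
```

Calling `check_email(SAMPLE_EMAIL)` labels the first link as a lookalike of telstra.com and the second as trusted; anything returned as "unknown" is simply not on the allow-list and still deserves the same caution.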
The second scam doing the rounds sent SMS messages to Netflix Australia customers, telling them to click on a link to reset passwords or see their access to the popular streaming service cut off. Yes, they were fakes, going to a fake Netflix login. This type of scam works not so much from monetary greed as it does from panic, because you’re meant to worry about losing access, so you click, and then you’ve handed over your Netflix account details.
If you’re thinking this is small fry, because it’s largely just the list of programs you might have watched, bear in mind that it gives some personal data that could be used elsewhere, especially if you’ve used your Netflix password elsewhere online. Not all online theft is straight financial theft, because online identities have value as well.
With both scams, the simple rules of online communication bear repeating. Be cautious online, and always double check with a secondary method. In the case of Telstra, if you get an odd or alarming message, give them a call to check. Don’t use the phone number in the message – many scammers run offshore call centres to perpetrate the scam – but look it up separately. If they honestly do want to contact you, they’ll have the details on file. For Netflix, while you might not be able to call someone, logging in to your account from a different device to the one where you got the message and checking any communications in your account section will reveal the same thing. If there’s reason to contact you, they won’t be shy about it, but if there’s nothing there, it’s a scam and you should avoid it.