Email Password Phishing Scam
Home ScamsPhishing Scams Telstra BigPond ‘Re-Validate Account’ Phishing Email

Telstra BigPond ‘Re-Validate Account’ Phishing Email

by Brett M. Christensen

Outline

Email purporting to be from Australian telecommunications company, Telstra, claims that the recipient’s email account has exceeded its storage limit and he or she must re-validate the account by clicking a link.

Brief Analysis

The email is a phishing scam designed to trick Telstra BigPond customers into giving their account login details to criminals. Armed with the stolen data, the criminals can hijack the compromised BigPond accounts and use them in further scam and spam campaigns and to conduct other fraudulent activities.

Example

BigPond Email Team
Dear BigPond User,
This message is from Telstra |BigPond| email admin department and we are sending it to all our customers because we have recently upgraded our email systems to improve functionality/performance and quality service delivery.

We have noticed that your e-mail account has exceeded its storage limit which is 20 GB as set by your account administrator, you are currently running on 20.9 GB, you may not be able to send or receive new e-mails until you re-validate your account! . To re-validate your e-mail account, please click on the link below. All fields are required;
Click Here
Using our BigPond email services means choosing the leading Internet and Data Communication Network Service Provider with the best customer service available. As an Internet and IP phone service provider, we offers low-cost solutions for your high speed Internet and long distance needs, whether for your ! business or your home, BigPond is Internet you can trust.
Telstra E-Mail Team

© BigPond Webmail UnLimited 2014

 

Detailed Analysis

According to this email, which was supposedly sent by the Telstra Email Team, the recipient’s BigPond email service has exceeded its storage limit. The message further claims that the Telstra BigPond ‘admin department’ has recently upgraded the company’s email systems to improve service.

Therefore, claims the email, the user must click a link in the message to re-validate his or her account and avoid problems with sending and receiving messages.

However, the email is not from BigPond, or parent company Telstra. In fact, the message is a phishing scamdesigned to steal account login details and other information from BigPond customers.
Those who believe the lies in the email and click the link as instructed are taken to a webpage that asks them to provide their account login details:

Fake Telstra Update Form

The scam page is a quite crude attempt and does not look like a genuine BigPond webpage. And, it is hosted by a service that offers free websites to users.

After they have collected the information submitted on the fake BigPond page, the scammers can then use the data to gain access to the compromised accounts. Once in, the criminals can use the accounts to perpetrate further scam emails, send out malware messages and launch spam campaigns, all in the names of their victims. They may also gather more personal information from within the hijacked accounts and commit further fraudulent activities.

Like other major telecommunications companies around the world, Telstra is regularly targeted by scammers. Be very wary of any email that claims that you must click a link to login to your Telstra or BigPond account to rectify a billing or account problem, perform an upgrade, or avoid an account suspension. Telstra or BigPond will not send you unsolicited emails asking for your login details. Telstra has published information about phishing scams and how to report them on its website.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer