Optus is warning about an email scam doing the rounds.

Optus customers warned of email scam

OPTUS customers are being warned to look out for malicious emails, seemingly from the telco provider.

The scam email uses the domain optusnet.com.au and comes in multiple forms, including an offer of remittance and another one spruiking car insurance, according to cyber security company Mailguard.

The firm first spotted the Optus email scam last Friday and it is ongoing, it said in a blog post.

The emails are what is known as a phishing attack, in which victims are encouraged to click on a link and often download malicious software onto their computer, giving the originator access to their device.

Typically, they will masquerade as originating from a trusted organisation such as your bank, insurer or telco provider.

The format of these latest Optus emails is similar, with most appearing in plain-text form and the Optus logo appearing at the top. The good news is that they are so basic they're unlikely to fool even the least savvy internet user.

They advise the recipient of a document that is available for them with a corresponding link.

In the main body of one email, it asks the recipient to "please find attached a remittance advice requiring your review" with a link to a Google Docs document.

The other scam originating from the same domain tells its targets they can find attached a "Certificate of Currency" for car insurance. There are also other versions related to insurance cover documents.

"Please get assigned accident Documents as requested", the email says, along with a reference number. The included link in this case is to a .zip file containing a malicious JavaScript file, Mailguard warned.

This is about as obvious as they come.

These scams have become increasingly common in recent years.

In 2016, an email scam that appeared to be an AGL bill tricked users into downloading ransomware that infected their computers and essentially held them hostage. It successfully targeted at least 10,000 Australians before it was detected, claimed one cybersecurity analyst at the time. The same year a very convincing NAB scam did the rounds.

Since then, they have continued to grow in sophistication (this latest one notwithstanding) and have become a common tool for online fraudsters.

HOW TO PROTECT YOURSELF

• Look closely at the email address of the sender. It will usually try to look as close to the real thing as possible but the imitation will always be a bit off. For example, instead of Optus.com.au this scam came from optusnet.com.au.

• Before clicking on any link, hover the mouse over it to see the full address and gauge whether it looks suspicious given the context.

• Make sure your computer has quality cyber security software installed to help detect harmful links.
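
The first two checks above can also be automated by a mail administrator. The sketch below is an added example, not code from Optus or Mailguard; the sample message, the example.net link and the choice of optus.com.au as the expected sending domain are constructed assumptions based on the article's description.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

EXPECTED_DOMAIN = "optus.com.au"    # assumption: the real sending domain named in the article
RISKY_EXTENSIONS = (".zip", ".js")  # the lure described linked to a .zip holding a JavaScript file
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message, modelled on the description in the article.
SAMPLE = """\
From: "Optus" <accounts@optusnet.com.au>
Subject: Certificate of Currency

Please get assigned accident Documents as requested.
https://downloads.example.net/documents/certificate-of-currency.zip
"""

def domain_matches(host, expected):
    """True only for the expected domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def body_text(msg):
    """Join every text part, decoding any transfer encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message, expected=EXPECTED_DOMAIN):
    """Return a list of reasons the message looks suspicious."""
    msg = message_from_string(raw_message)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not domain_matches(sender, expected):
        findings.append(f"sender domain {sender!r} is not {expected!r}")
    for url in URL_RE.findall(body_text(msg)):
        parsed = urlparse(url.rstrip(".,)"))
        if not domain_matches(parsed.hostname or "", expected):
            findings.append(f"link host {parsed.hostname!r} is outside {expected!r}")
        if parsed.path.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"link points at a risky file type: {parsed.path}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

An empty result does not prove a message is genuine, because the From header can be forged; the findings are reasons for suspicion only.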