MB1346
Level 2: Rookie

Telstra mail address news.telstra.com compromised?

Hi All,

Interesting email this morning, from telstra-communications@news.telstra.com

Noting the SMTP address is using a lower case 'L' and not an uppercase 'i'. Verified.

Email general information:

From: Telstra Protection <telstra-communications@news.telstra.com>

Subject: You are not safe online !! Suspicious activity Detected, Please Check ! Subscription

Contents: <were blocked luckily, however...> using Microsoft's live online to review, as expected its content primarily was an image suggesting Norton subscription due to expire (Not the case), with suspect links for contacting etc.

 

NOTE: This was invalid information, but what is concerning is how it appears to be using telstra.com domain name space? Assuming this is not the type of content sent by Telstra, on behalf of Norton? Norton usually contacts directly if they need, as I am not using Telstra as an on-seller, etc.

 

Regardless of how the Telstra Domain name was used in such a manner, depending on customer mail solutions, operations may be taken against the parent domain or the child whereby they are 'junked/flagged as spam, etc', and thus could have flow effects for Telstra communications not being received. In my case the mail client manages this, and it will use the full child namespace 'news.telstra.com', and thus still allows communications from <telstraemailbill_noreply6@online.telstra.com> which also came in this morning. Just after <telstra-communications@news.telstra.com> was "junked", time will tell.

 

Any thoughts, or can this please be verified/checked? 

 

Cheers,

MB1346

 

 

Te15
Level 1: Cadet

Re: Telstra mail address news.telstra.com compromised?

Hi MB1346

I too noted that 'news.telstra.com' is not telstra.com when I first received this email 3 or 4 days ago. I decided to report it as 'phishing'. I have since received 2 more similarly worded emails from the same address which I will delete without opening.

Just so happens that my internet has been horrendously slow for a few weeks, so it did get my attention!

Yes, can this be verified / checked, anyone?

 

Cheers

Te15

MB1346
Level 2: Rookie

Re: Telstra mail address news.telstra.com compromised?

Since first logging this, I have received daily additions with varying 'Subject' content. The 'body' has remained focused on Norton Anti-Virus, but the information is incorrect, such as the expiry date, which keeps changing.

Evidence suggests these emails sent by Telstra's 3rd party marketing partner (now owned by Oracle) are SCAMs. The wording is based on social engineering and contains poor use of the English language.

 

With any luck news.telstra.com IP will be 'blacklisted' soon.

 

MB1346

Jupiter
Level 25: The Singularity

Re: Telstra mail address news.telstra.com compromised?

Have you checked to see the origin of the emails? Just because an email says that it comes from a certain email address doesn't mean that that is actually where it is coming from. You need to check the header information of the message to check the IP address and name of the originating server. It is incredibly easy to spoof the From address in an email.

Never be afraid to back yourself when trying new things, just always make sure you have 3 escape routes if things go wrong.
AdamDagis
Level 1: Cadet

Re: Telstra mail address news.telstra.com compromised?

I have been getting these emails also over the past 1.5 weeks or so. Claim to be from Telstra, "Telstra-communications@news.telstra.com on behalf of Norton-notice <FgFqFC0sMe5Dkp43H2@two.fzba358cuc.com>"

 

Says my Norton Account has now expired (which it hasn't, still has 11 months left). Getting multiple of these emails per day. 

 

Can also add that I'm also at the same time receiving further emails from "Telstra-communications@news.telstra.com on behalf of Telstra <Notification@safe.fgmfeoziqu.com>". Claiming, 'Congratulations to user Telstra! Take this short 30 second survey to select one of our exclusive reward offers'.

 

Whoever is behind all these spam emails recently certainly is aware that I'm a Telstra customer. Many people could be fooled by these, which is worrying.

Veezy
Support Team

Re: Telstra mail address news.telstra.com compromised?

Hi AdamDagis, getting spam/scam emails can be a major pain! I have attached two links to hopefully help minimise the risk of spam emails.

 

https://tel.st/skxxw and https://tel.st/4zkuk.


Jupiter
Level 25: The Singularity

Re: Telstra mail address news.telstra.com compromised?

They're not aware that you are a Telstra customer. Practically everybody is getting them at the moment, Telstra and non-Telstra customers alike. They just send them out to their list of email addresses that they've skimmed from other sources (I get these exact emails to GMail accounts that I use for gaming that are fundamentally anonymous - there is no tie back to my real name or contact details). They use Telstra as the catch as they are the largest Telecommunications company in Australia.

MB1346
Level 2: Rookie

Re: Telstra mail address news.telstra.com compromised?

Snippet from email header (telstra-communications@news.telstra.com):

"

Authentication-Results: spf=softfail (sender IP is 158.69.34.241)
smtp.mailfrom=telstra.com.au; hotmail.com; dkim=none (message not signed)
header.d=none;hotmail.com; dmarc=fail action=oreject
header.from=news.telstra.com;compauth=none reason=450
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
telstra.com.au discourages use of 158.69.34.241 as permitted sender)
Received: from chatspin.es (158.69.34.241) by DM3NAM03FT048.mail.protection.outlook.com (10.152.83.143) with Microsoft SMTP
Server id 15.20.3955.18 via Frontend Transport; Sat, 20 Mar 2021 21:46:28
+0000

"

We can see a reference to softfail for SPF; however, a query against news.telstra.com indicates a hardfail configuration: (news.telstra.com) v=spf1 ip4:199.7.200.0/21 ip4:12.130.135.0/24 -all

However, 'smtp.mailfrom=telstra.com.au', which has the following 'softfail' configuration for SPF records:

(telstra.com.au) v=spf1 include:_spf.telstra.com.au ~all

Telstra.com has the following SPF configuration: v=spf1 include:bigpond.com include:cmail1.com ?all

 

Usually softfail means mail is flagged and still passed through to the recipient, whereas hardfail mail is discarded.

 

Starting to think the issue is a result of Telstra's configuration regarding authorized mail servers? 

 

Any other thoughts on this scenario?

 

----General Info---

news.telstra.com: 162.223.232.45

IP Location Results for 162.223.232.45
==============
City:         
Zip Code:     0
Region Code:  
Region Name:  
Country Code: US
Country Name: United States
Latitude:     37.751
Longitude:    -97.822
GMT Offset:   
DST Offset: 

 

Reverse Whois results for 162.223.232.45
==============
There are 0 domains that matched this search query.
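
An added example, not part of any post in this thread: it parses the Authentication-Results header quoted above and evaluates the sending IP against the SPF records quoted in the same post, to show which domain the SPF check was actually run against. The function names are made up for this illustration; `include:` terms need DNS and are only reported as unresolved, and alignment is approximated without a Public Suffix List.

```python
import ipaddress
import re
# Header value copied from the post above, with folded lines joined.
AUTH_RESULTS = (
    "spf=softfail (sender IP is 158.69.34.241) smtp.mailfrom=telstra.com.au; "
    "hotmail.com; dkim=none (message not signed) header.d=none;hotmail.com; "
    "dmarc=fail action=oreject header.from=news.telstra.com;compauth=none reason=450"
)
# SPF records as quoted in the post (not looked up live).
SPF_RECORDS = {
    "news.telstra.com": "v=spf1 ip4:199.7.200.0/21 ip4:12.130.135.0/24 -all",
    "telstra.com.au": "v=spf1 include:_spf.telstra.com.au ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_auth_results(value):
    """Return the key=value tokens plus the sender IP from the SPF comment."""
    fields = dict(re.findall(r"([\w.]+)=([^\s;()]+)", value))
    ip = re.search(r"sender IP is ([0-9A-Fa-f.:]+)", value)
    fields["sender_ip"] = ip.group(1) if ip else None
    return fields

def spf_local_eval(record, ip):
    """Evaluate ip4/ip6/all offline; terms that need DNS are returned unresolved."""
    addr, unresolved = ipaddress.ip_address(ip), []
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual], unresolved
        elif mech == "all":
            return QUALIFIERS[qual], unresolved
        else:
            unresolved.append(mech)
    return "neutral", unresolved

def assess(value):
    """Compare the domain SPF was checked against with the visible From domain."""
    f = parse_auth_results(value)
    env, frm = f["smtp.mailfrom"], f["header.from"]
    # Approximation of relaxed alignment: same domain or parent/child only.
    aligned = env == frm or env.endswith("." + frm) or frm.endswith("." + env)
    ip = f["sender_ip"]
    return {"checked": env, "visible_from": frm, "aligned": aligned,
            "envelope_policy": spf_local_eval(SPF_RECORDS[env], ip),
            "from_policy": spf_local_eval(SPF_RECORDS[frm], ip)}

print(assess(AUTH_RESULTS))
```

The result shows SPF was evaluated against the envelope domain telstra.com.au (`~all`, softfail), while the same IP fails outright under the news.telstra.com record. The `dmarc=fail` in the header reflects that neither SPF nor DKIM produced a pass aligned with the visible From domain.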

MB1346
Level 2: Rookie

Re: Telstra mail address news.telstra.com compromised?

Hi Veezy,

This is not what I consider sound advice from Telstra Support.

Yes SPAM is an everyday issue, however, this case is about an entity using a Telstra owned namespace to distribute said SPAM.

As it stands now, if Telstra decides to utilize the news.telstra.com namespace for SMTP communications, it could fail to reach all recipients as some customers are now flagging the namespace as SPAM.

 

Please review my below post regarding the SPF softfail scenario.

 

Cheers,

MB
