We often get asked how scammers get access to people's mailboxes, here is a classic example, in this case the scammer is pretending to be Telstra
On a mobile phone screen, chances are that you will only see My Telstra and you won't notice the sender's email address
On a larger computer screen, it is easy to see the sender's email address which is clearly not from Telstra, however it is apparently from a BigPond address, which is of course Telstra, so it may not be obvious to some users
These emails are never personally addressed and that's because they don't know who you are, they just have your email address
They have not even bothered with a genuine Telstra logo
There is a threat that messages will be lost if action is not taken which creates a sense of urgency
The stated deadline is the same date the email was sent (Star Wars Day!) so the sense of urgency is reinforced
The solution is offered in the email via two links, they even offer an option to download a copy of your emails if you do not wish to continue using the email address
The sign-off is quite generic
The Privacy and Our Customer Terms "links" don't go anywhere, not that you should follow any email links anyway!
If you believe the email is genuine, this is where the trouble starts
Both links in the email take you to the same web page
The content of the web page looks fine, it has the proper Telstra logo and it politely asks you to sign in
But the web address is bogus
https://flower-fin-4579.typedream.app/
And you may also notice the Made in typedream in the bottom corner of the page
Most internet users will not notice either clue, they will just focus on the content of the page
More on typedream below
The web page looks like a Telstra Webmail login page, more or less
It is not particularly convincing, but if you don't know what the genuine Telstra Webmail login page looks like, it's pretty close
Again, the web address is not Telstra
But it's also not typedream!
More on Weebly below
The scammer gets your email address and password
The scammer will attempt to login to your mailbox
If they are successful, they will monitor your mailbox for emails relating to financial transactions
They are particularly looking for requests for payment and invoices which they can then modify
If they are successful, you will pay money to the scammer rather than the intended recipient
Use unique passwords, if you use the same password for Facebook, Instagram, eBay and PayPal, you are making it too easy for the scammer
If you have what is known as Multi-Factor Authentication (MFA) attached to your mailbox, the scammer will also need a code from your phone
You may even see a code appear on your phone which may indicate a scammer is trying to open your mailbox
The scammer will usually give up at this point and move on to a softer target without MFA
If you do not have MFA in place, do it now!
We can assist you to set up MFA or you may have a knowledgeable friend, family member or colleague who can help you
Not ethat even with MFA, a scammer may try and pretend to be you and recover your password using a number of recovery methods like secret questions and answers, backup codes etc but as I have mentioned above, this gets progressively more difficult for the scammer and they typically moive on
There are numerous Do-it-Yourself website hosting companies around the world who offer a free trial if you would like to build your own web page
typedream is one of those companies
The idea is that you can build a web site, or indeed a single web page with whatever content you like, including text and images downloaded from other web pages on the Internet
It costs you nothing until you register a domain name and then you pay typedream an annual fee to host the site
But if you are happy with the free web address as per the scam page above, there is no cost at all and you can build as many free web pages as you like
So the scammer uses the web address
https://flower-fin-4579.typedream.app/
for their "Telstra" web page
where the genuine Telstra web address is
https://myid.telstra.com/identity/as/authorization.oauth2?client_id=b2c-webmail&nonce=a6adabc136937797f7deb6441af8c9fa8fa3ee3b4ed5b8b881a81edcea32f277&redirect_uri=https%3A%2F%2Femail.telstra.com%2Flogin%2Foidc%3Fid%3Da78b98eb-935a-4b92-a431-1993124e2b85&response_type=code&scope=openid+username&state=56f9dba026dbb312a6e5d34a4d56517e8306ccb88f14b60fcfef3be31888dcd5
I kid you not, it's no wonder people focus on the content rather than the address of the web page! In fact, the genuine web page address looks quite dodgy and the fake web page address seems a tad more believable....
They have exactly the same business model as typedream where the scammer has created a free web page with the address
https://mailifdnm.weebly.com/
That is a great question, but they need to stop
typedream has a page where you can report scams
https://typedream.com/abuse/reporting-phishing-or-spam
It takes less than a minute to make the report
I have submitted a report about the scam web page on their platform, they usually respond quickly and shut it down
Weebly has a page where you can report scams
https://www.weebly.com/uk/spam
but I could not find it on their website, Google found a 3rd-party reporting site
https://phish.report/contacts/Weebly
which had the above link
I have submitted a report about the scam web page on their platform, they usually quote 1 to 3 business days to respond
I have writen to them to say they need to be a bit quicker