TPG Community

Get online support

Identifying Scam or Phishing E-mails, Calls and SMS

BasilDV
Moderator

Scammers use a wide variety of methods to impersonate legitimate businesses and organisations to get personal and private information from people.

 

Phishing is a way a cybercriminal steals your personal information. A phishing email will look like a genuine email from your bank, internet provider or any company you deal with asking you to click on a link which will then take you to a fake webpage which will then ask for your personal details, bank detail or other private information.

 

These emails, scam websites and text messages can be difficult to spot. Try to look out for incorrect spelling and grammar, poor layout, imagery and styling. For more information, head to the Scamwatch website.

 

To help protect yourself from these Scams, please visit Tips on How to Protect Yourself from Scams, Spam Email, Call and SMS - TPG Community

 

 

Latest known scams

 

 

 

 

 

 

 

 

 

 

 

 

 “Hi mum” Scam

 

Some of our customers have reported receiving WhatsApp or text messages from scammers alleging to be children in need of funds. The scammers are targeting parents and the messages generally start by claiming the child has lost or broken their phone, or it has been stolen so they insist the parent does not contact them on their old number. The messages will then develop into the scammer requesting money for things like bills or emergency funds as they have been locked out of their internet banking accounts.

 

If you receive an SMS or WhatsApp message from an unknown number asking for money or claiming to be a loved one, do not transfer any funds. If you are ever unsure of the legitimacy of a message, it’s always best to pick up the phone and contact the sender to be sure.

 

If you receive any SMS relating to this scam, please report it to Scamwatch.

 

Back to Top

 

 

 

 

 Flubot Scam

 

You may have recently received an SMS message, claiming that you have had a missed call or voicemail. These messages are generated by Malware called Flubot, which spreads via SMS messages and can infect customers with Android devices on any mobile network. We have also seen variants of the Flubot message, purporting to be from a courier service asking the end user to install a tracking app through a link which will infect the device with malware. If a user clicks the link and installs the app, the malware will take over the device and send texts to the infected user’s contacts.

 

Known examples include:

  • I want to send you a voicemail on Zello! Click to download.
  • my86 Your service provider zas sent you a nee notice: <LINK> 
  • wfq5cm Voicemail: You have 1 new Voicemaill (s). Go to: <LINK>

 

If you receive an SMS like this:

  • Do not click on the link.
  • Report the SMS to Scamwatch.
  • Delete the SMS a soon as possible.

It is important to point out that just because you have received the message, this does not mean your device has become infected.

 

If you click on the link, you will be taken to a web page that may look like a genuine site with branding that you are familiar with. You may be prompted to install an app, so you can listen to the voicemail message. If you give permission to install the app, the Flubot malware will be installed onto your device. The malware may be able to access your contacts list and access your personal information if you use your device while infected. You may also receive texts or calls from random numbers stating that you have sent them an SMS, which you will have no knowledge of.

 

What should you do if you have become infected?

If you have become infected, don’t enter any passwords or log into any accounts until you have cleaned your device using the below steps.

 

How to clean your device

Cleaning your device using the steps below will remove the malicious software from your device.

To clean your device, you can:

 

  • contact an IT professional
  • download official Android anti-virus software through the Google Play Store
  • perform a factory reset of the device.

 

Performing a factory reset of your device will delete all of your data including photos, messages, and authentication applications.

 

At this time Apple devices are not affected, but we are aware that customers with Apple devices have been also receiving these Flubot messages.

 

For more information, head to the Scamwatch website.

 

Back to Top

 

 

 

 NBN Co Robocaller Scam

 

Some customers have reported receiving a call with a recorded message claiming to be NBNCo, telling the customer that their account will be terminated.

 

If you receive a call like this:

  • Do not confirm any personal information to the caller.
  • Hang up the phone.
  • Report the call to Scamwatch.

In the event of any legitimate service disconnections, you will receive at least 30 days' written notice from us.

 

For more scam and hoax information, monitor the Scamwatch website.

 

Back to Top

 

 

 

 

 COVID-19 Scams

 

During these difficult times, it is business as usual for fraudsters and scammers who are using the spread of COVID-19 to take advantage of people across the country.

 

These scams can include:

 

  • Spam e-mail impersonating the Government or the ATO.
  • Spam SMS claiming to be the ‘Australian Government Department of Health’ stating that ‘You’ve received a new message regarding the COVID-19 safetyline symptoms and when to get tested in your geographical area’. This SMS contains a link to a fake government website. This SMS was not sent by the Australian Government Department of Health.
  • There are also scams related to people’s superannuation.

 

If you receive these scams, please follow the below directions: 

 

You can find lots of useful information regarding the latest COVID-19 scams on the Scamwatch page.

 

Back to Top

 

 

 

 

 Wangiri Fraud

 

Wangiri fraud is when you receive missed calls from international numbers you don’t recognise on either a mobile or a fixed-line phone. The fraudsters generating the missed calls hope that their expensive international numbers will be called back so that they can profit.

 

If you receive calls like this, be assured that you haven’t been specifically targeted. It’s likely that the fraudster has generated a missed call to a whole range of mobile numbers that happens to include yours.

 

 

What should you do if you get a suspected Wangiri call?

 

We recommend that you don’t return calls to international numbers that you don’t recognise. Calls to Wangiri numbers will often result in a charge being incurred and only encourages the fraudster to generate more missed calls to customers who choose to call back. If you think you’ve had a missed call from an international number that may be involved in this scam, let us know. Just send an email to customer_relations@tpg.com.au and provide us with your mobile number and the international number you received the nuisance call from plus the date & time of that call.

 

 

What’s being done to address this issue?

 

We proactively monitor our network for Wangiri activity and shut down new fraudulent international numbers and number ranges as we find them. This is an issue affecting customers of mobile and fixed line operators around the globe, and we’re working with a number of different operators and industry groups to reduce Wangiri fraud levels.

 

 

The missed call scam

 

Mobile phone users across the globe are being targeted by overseas callers who make huge sums of money when the receiver calls back on the unknown number from which they missed a call. This is known as ‘Wangiri Fraud’. This type of fraud is not specific to TPG and appears to be on the rise.

Fraudsters call from international destinations. They will call a user and disconnect the call promptly before it is answered. They then wait for the person to call back. These numbers are charged at premium rates and, if the caller calls this number, they are hit with significant charges.

 

 

What happens if you do answer the call or call the number back?

 

They will engage you in a conversation and try to trick you into revealing details that can be used to defraud you.

 

 

What should I do?

 

Do not answer a call from an overseas number unless you recognise the number or are expecting the call. Do not return a call to an overseas number unless you recognise it. Do not give out any personal or business information such as banking or credit card details, pin numbers, birth dates or personal names and addresses. Do report the call and the number to TPG by emailing customer_relations@tpg.com.au to help us fight back against the fraudsters.

 

Back to Top

 

 

 

 

 Browser Pop Up Scam

 

We are aware of a pop-up scam, purporting to be from TPG, asking users to provide personal information by filling out a form to win a “prize”smartphone. This is a fake promotion and is not associated with TPG. TPG will never ask you to fill out forms with personal details to win a prize.

 

If you see this pop-up while browsing, please do the following:

 

  • Email a screenshot of the pop-up to customer_relations@tpg.com.au as well providing details of which website you were on when the pop-up occurred
  • Don’t click on any links or fill in any details
  • Report the email to Scamwatch
  • Close the browser/tab

 

Back to Top

 

 

 

 

 Fake TPG Scam

 

TPG is aware of an increase in falsified letters and statements from telecommunication companies. The falsified letters use the companies branding to appear legitimate and will be either sent via post or email.

 

The letters can be a threatening invoice, a request to update details or an email to congratulate you on winning a prize. It will ask you to call a number or visit a website to update details, pay a sum of money or claim your prize.

 

There are also fake SMS claiming to be from TPG, asking customers to verify personal information. The message states that ‘you have been selected as one of our lucky winners for a brand new iPhone’ and then requests for you to reply to a number with your full birth date. This message is not sent by TPG. Please do not reply to the message.

 

If you receive any mail or SMS from TPG, please do not follow any links to websites or call any numbers that are unfamiliar to you. If you suspect that it is a scam you may:

 

 

Back to Top

 

 

 

 

 Scammers threatening Chinese communities in Australia

 

TPG is aware of a scam targeting our customers in Chinese communities. The calls are in Mandarin and the scammers are often posing as Chinese authorities.

 

The scammer will accuse the customer of either being directly involved in a crime relating to fake passports, or a victim who has had their bank details compromised. They will threaten the customer with jail time or deportation and will request the customer pay them in large sums of money to clear their name or have their issue investigated.

 

The scammers will try to intimidate the customer into either providing money or other personal details such as passport number. They do this using scare tactics in hope that the customer will not ask any questions and will instead provide requested details or pay them.

 

Once money has been paid to scammers, it is often unable to be recovered.

 

If you receive a call from someone threatening you with arrest or deportation in relation to fake passports, it is a scam. Do not send any money or provide any personal details. End the call immediately and report it to Scamwatch.

 

For further information, including information in Chinese languages, please visit the Scamwatch website.

 

Back to Top

 

 

 

 

 Here's how to get the Email headers: 

 

An email header is a part of the mail that includes various important information that can be used to authenticate the message. This information is useful in troubleshooting email related issues as it contains details such as:

 

  • Sender and Receiver details
  • Date when the mail was sent
  • Message ID 
  • Return Path and Reply To
  • Content Type - Text, HTML,Video,Image
  • Subject line
  • Email Content

Sample of an email header:

 

heads.png

 

 

Outlook:

  • Open the email, then click on File > Properties. Email headers can be viewed on the Internet headers part.

properties.png

 

 

GMail

  • Open the email then select the 3 dotted lines (More) and a drop down list will appear. Select Show originalgmail.png

     

TPG Post Office

  • Open the email then on the upper right corner, you will see an arrow pointing down beside the letter i symbol. Click on the arrow and drop down list will show.
  • Click on View Headersheader.jpg

     

Back to Top

 

 

 

 

Related Topics:

Tips on How to Protect Yourself from Scams, Spam Email, Call and SMS

Forgot your TPG account password?

 

 

Contributed by Basil DV & Mel G