Telstra Pushes Users Into Unsafe Email Practices

This week, Telstra issued emails to a number of its users, encouraging them to change their billing to an online (PDF) method of billing. On the surface, there’s nothing really wrong with them asking their clients to do this, as it results in more efficient processing, less paper wastage, quicker issuance of the bills … there’s lots of good reasons why this is not too bad an idea.

However, the methods that they have used to advise their customers about this is very seriously flawed. Let’s start by looking at the email that they issued …

Telstra Letter to Clients

Telstra Letter to Clients

There are a couple of things notable about this letter – note the two sections, in blue, that are underlined. These are links that are embedded within the email. Note that one of them says that it will take you to the “Email Bill Registration Page”, while the second one says that it’ll take you to where you can log in to your account.

What the hell?

Anyone who knows anything about internet security, safe web surfing, and not being hacked, knows only too well that you shouldn’t click on links like this. It’s stupid. Bloody well stupid!

Banks warn you never do anything like this: Never, ever, click on any link that promises to take you to any sort of login page, because, quite frankly, you really don’t know exactly where that page might be taking you too.

And if it’s taking you to a “phishing” page, where somebody wants your credit card or banking details, then you’ll end up in serious danger.

But please, don’t just believe me: I took an opportunity to speak with Lloyd Borrett, from AVG Internet Security. He’s an expert in these matters, and in the interview, he gives some very sound reasons why Telstra, in sending out these emails, are implementing some very bad ideas.

Lloyd Borrett, AVG – Clicking On Embedded Links In Emails

So, the advice is to ignore Telstra’s emails. Telstra’s methods are very seriously flawed, and a very bad idea. Contact them, and tell them just how bad an idea it is for them to be sending you these emails that look like they’re trying to scam you.

Instead, whenever you get an embedded link like these, close your browser (for safety’s sake), and then open a new browser session, and go to the site byt entering in the URL in the browser’s address bar. This should be the way that you always go to important sites like these, by the way, because then you will know that you’re not going to be going to some sort of scam site.

At the beginning of the week we asked Telstra why they are implementing such a poor practice, but they were unable to give us a response.