I received a security alert from Optus saying: Your Optus Account was just signed in to from a new Linux device. You're getting this email to make sure it was you. A link 'check activity' leads to my webmail account.
I didn't sign in to my account at the given time and don't have a Linux device.
Can someone please tell me what this means? Do I have to be worried, and what can I do?
I'm not aware of Optus having such a security feature. That wording is identical to Google's security warning, so it seems like it is a phishing email (i.e. scam).
Can you provide the exact link (minus any user personal details that it might include such as account name/number/email address/etc.) of the "check activity" link?
Have you tried to log in through that link?
The email seems to come from Optus: firstname.lastname@example.org
Below is a copy of the email wording (minus my email address).
Clicking on the check activity link led me to the Optus webmail page, where I have to log in to my webmail account.
I just clicked this again to send you the link and it now comes up with a very different page:
New device signed in to
Your Optus Account was just signed in to from a new Linux device. You're getting this email to make sure it was you.
You received this email to let you know about important changes to your Optus Account and services.
Yep that is definitely a phishing email.
The "Check activity" points to a dodgy "optusrdr.pw" site.
The webmail link doesn't go to optusnet.com.au but rather "emaillog.pw". They rely on people seeing only the optusnet.com.au part of the link and assuming that the rest of the link is real as well.
You should edit/delete the @OPTUSNET.com.au link as it contains an email address which I assume is yours.
Did you log in via that link?
The first thing you should do immediately is change your webmail password from a fresh browser session, using a direct link from the Optus website.
If you have used that password on other sites, or on your main Optus account, then you should change those as well.
I'll give more details in my next post.
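The check described in the post above, as an added example that is not part of the original thread: a link is judged by the host the browser actually connects to, not by a familiar name appearing somewhere in it. The trusted-domain list, the sample paths and the address in the sample are assumptions; only the two .pw hostnames come from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the reader accepts as genuinely Optus.
TRUSTED = ("optus.com.au", "optusnet.com.au")

def real_host(url):
    """Host the browser connects to; userinfo, path and query are ignored."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(url):
    """'trusted', 'lookalike' (brand name present, foreign host) or 'untrusted'."""
    host = real_host(url)
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    if any(d in url.lower() for d in TRUSTED):
        return "lookalike"
    return "untrusted"

class LinkAudit(HTMLParser):
    """Collect (visible text, href, verdict) for every <a> in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.links.append((text, self._href, classify(self._href)))
            self._href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.links

# Constructed sample email body (paths and address are invented).
SAMPLE = """
<a href="https://optusrdr.pw/activity">Check activity</a>
<a href="https://emaillog.pw/optusnet.com.au/?u=user@OPTUSNET.com.au">Webmail</a>
<a href="https://webmail.optusnet.com.au@emaillog.pw/login">Sign in</a>
<a href="https://webmail.optusnet.com.au/">Webmail</a>
"""

if __name__ == "__main__":
    for text, href, verdict in audit(SAMPLE):
        print(f"{verdict:10} {real_host(href):28} {text}")
```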
Once you've changed your password, you should check the following folders for anything dated after you first logged into the dodgy site:
* inbox - anything unexpected especially unknown orders / subscriptions / applications
* sent mail - for anything that they may have sent while impersonating you.
* deleted mail - in case they tried to get rid of inbox/sent mail items but forgot to clear the deleted mail folder.
As for consequences we can assume it is identity theft at some level especially with the trend of companies pushing for email bills, so:
1) Personal details that may be in bills, such as full name / address / phone number.
2) Bank/Card statements.
3) With Optus primary webmail accounts usually sharing the same password as "my account", they would have access to all that info. They might try to change contact details and try to purchase phones through your account and have them shipped elsewhere.
It's impossible to tell how serious of a risk that has put you in; you will just need to be extra vigilant for any unexpected/suspicious emails/SMS/phone calls/bills (in the next few months especially) in case they have managed to glean anything useful from your emails or from any other account that uses that same password.