Internet Security: Phishing, Fake Emails, SMS & Hoax Websites

Did Optus send me this email or SMS? If you suspect that you've received an email or SMS from us requesting or 'phishing' for information, this article is for you.

Always keep in mind, Optus does not send unsolicited emails to customers asking for sensitive or personal information. If you've received an email or SMS that's asking for private information we encourage you to report it to us.

For further information on internet security, please visit the ACMA Internet Security Website.

What is Phishing?

Phishing describes criminal and fraudulent attempts to acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity. Often phishing emails or SMS will contain links to fraudulent websites that will attempt to 'phish' or capture your private information.

Back to Top


How do I Spot Phishing Emails/Websites/SMS?

The following traits are not always present in malicious email/websites/SMS, but hopefully they can assist you to determine the legitimacy of a suspect email or website. Below is a real example that was sent to customers, it contains a generic greeting, poor grammar, requests urgent action and has a misleading URL to a phishing website.

Image showing example of phishing email

Generic greeting

An email that is attempting to 'phish' will generally begin with a non-specific salutation, such as 'Dear OptusNet User' or 'Dear Customer'.

Poor grammar, spelling or layout

Phishing emails and websites copy the look and feel of trusted organisations and companies like banks and telecommunications companies and often contain links to other websites which look like the real thing. Whilst some phishing emails/websites can be convincing and look legitimate, many include poor grammar and spelling. Other tell-tale signs could be the use of incorrect logos, colours, fonts or the layout just may not seem right.

Requesting urgent action

Most phishing emails, SMS or websites try to get you to divulge or update your personal information with the threat that your account/service will be shut down, downgraded or changed etc if you don't supply information. An email or SMS that urgently requests you to supply sensitive personal information in this manner is usually an attempt at fraud.

Misleading links, sender addresses & fake attachments

Some phishing sites/emails can insert a false browser address bar or links that mask the true URL in your browser so that it appears that you're on a genuine website. Therefore checking the URL before clicking is not a certain way to know that the site/content is legitimate. i.e.If a URL or email address contains the word 'Optus', 'Optus Zoo' etc, it does NOT necessarily mean it's from Optus.

Another example of an attempt at phishing, this was not an Optus website.

Image showing phishing website

The same rules apply to attachments as they can contain malicious code/viruses. Never click or open an attachment in a suspicious or strange email as it could infect your computer.

Back to Top


What if I'm still not sure about an Email/Website/SMS?

Don't respond or submit any of your details. Instead contact the company/person it's meant to have come from using contact details taken from another source. Never use contact numbers, email addresses or links contained within a suspect email or website.

You could use phone directory for a phone number or you could open a new browser window and manually type in the URL of the company. e.g.

Back to Top


How to Report Phishing Websites & Emails?

Suspected fake Optus emails from hoax Optus websites

If you're using OptusNet webmail

If you're using OptusNet Webmail select the email and click the 'Report Spam' button. This will move the email to your Spam folder and also report the email through to us.

Image showing location of report spam button in OptusNet Webmail

The 'Report Spam' button is available in all folders except the Spam folder.  The more you mark, the better our system gets at detecting these messages.

If you're using another email service/client

If you're using an email application you'll need to manually add the suspect email's 'headers'. Headers are the addressing and routing information of the email. It's really important that you do this, so that we can take action. if you don't it could result in possible action taken against you for sending us spam!

The steps to do this are below. If your email application is not listed, use its help menu to find out how to see email headers.

  1. Open the suspect email (Do not click 'Reply' to open it)
  2. View the suspect email's 'header data' in your email program.
  3. - Apple Mail: Click 'View' > 'Message' > 'Long Headers'
  4. - Microsoft Outlook 2003/07: Inbox > Right click on the email > Click 'Message Options'
  5. - Microsoft Outlook 2010: Select the email > Click 'File' > 'Info' > 'Properties'
  6. - Thunderbird: Click 'View' > 'Headers' > 'Full'
  7. - Gmail: Click the 'Down Arrow' to the right of the sender name & reply options > 'Show Original'
  8. - Hotmail: Right click on the email > Click 'View Message Source'
  1. Copy the full header data from your email application and paste it at the top of the suspect email
  2. Forward the email with its headers to

Suspect phishing emails and fake websites purporting to be from other entities

You can report these to the ACCC's Scamwatch website or you can report it to the entity but only if they're well known and have an alternative means of contact. (e.g. a phone number)

Back to Top