EnergyAustralia has become the second local energy provider caught up in a major email phishing scam after a “large volume” of malicious emails recently began hitting Aussie inboxes, according to email security company MailGuard.
The Melbourne-based company said the realistic-looking email masquerades as an invoice from the energy company and tells people the invoice is due in the coming days.
“The due date and amount owing are randomised so that each recipient gets a unique bill,” MailGuard said in a blog post. “This is a tactic by the cybercriminals to avoid detection.”
The sending email address is noreply @ energy agent.net [spaces added]. The domain was registered in China on 19 June, and MailGuard said distribution began at 9.39am on 20 June.
A sample email from the campaign (Source: MailGuard)
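The randomised amount and due date described above defeat filters that match on an exact copy of the message, but not ones that mask those fields before comparing. The following is an added example, not code from MailGuard or the original article; the sample messages and regular expressions are constructed for illustration.

```python
import hashlib
import re

# Fields the article says vary per recipient: amount owing and due date.
AMOUNT = re.compile(r"\$\s?\d+(?:,\d{3})*(?:\.\d{2})?")
DATE = re.compile(
    r"\b\d{1,2}\s+(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*"
    r"\.?(?:\s+\d{4})?\b|\b\d{1,2}/\d{1,2}/\d{2,4}\b",
    re.IGNORECASE,
)


def normalise(body: str) -> str:
    """Mask per-recipient values, lowercase, and collapse whitespace."""
    body = AMOUNT.sub("<AMOUNT>", body)
    body = DATE.sub("<DATE>", body)
    return " ".join(body.lower().split())


def exact_hash(body: str) -> str:
    """Hash of the raw body: differs for every randomised copy."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def template_hash(body: str) -> str:
    """Hash of the masked body: identical across copies of one template."""
    return exact_hash(normalise(body))


def cluster(messages):
    """Group message ids by template hash."""
    groups = {}
    for msg_id, body in messages:
        groups.setdefault(template_hash(body), []).append(msg_id)
    return groups


# Constructed sample bodies (not taken from the real campaign).
SAMPLES = [
    ("m1", "Your electricity bill of $312.45 is due on 27 June. View bill"),
    ("m2", "Your electricity bill of $189.10 is due on 29 June. View bill"),
    ("m3", "Your electricity bill of $1,204.00 is due on 2 Jul.  View bill"),
    ("m4", "Your parcel could not be delivered. Reschedule delivery"),
]

if __name__ == "__main__":
    print("distinct exact hashes:", len({exact_hash(b) for _, b in SAMPLES}))
    for digest, ids in cluster(SAMPLES).items():
        print(digest[:12], ids)
```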
Earlier this month, EnergyAustralia warned customers to be wary of scam emails and the company addressed the current spate of emails in a post on its website on 20 June.
EnergyAustralia customers should be aware of a new email scam.
The hoax email invites customers to view their bill online but the ‘View bill’ link is malicious.
Scam emails such as this one can appear very convincing and customers should take care with any email that requests them to click a link.
One indicator of potential scam emails is the sender. EnergyAustralia’s electronic bills to residential customers are sent from email@example.com. If you receive an email from a different address that says it relates to your EnergyAustralia bill, please do not open it or click any links it contains.
If you receive a fake EnergyAustralia email, you can report it to EnergyAustralia by forwarding the email to firstname.lastname@example.org. Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else.
Once you’ve sent the hoax email to email@example.com, delete it from your inbox immediately. Then empty your Deleted Items folder.
Scam activity can also be reported to the ACCC Infocentre on 1300 302 502 or a state or territory fair trading authority.
If at any time you are concerned you have provided credit card or banking details to a potential scammer, please also alert your financial institution.
The attachment masquerades as a Zip file