Georgia Dixon

New EnergyAustralia email scam targeting thousands

Experts are warning Australian consumers to be extra wary when opening emails purporting to be from EnergyAustralia, after cyber security company MailGuard discovered a sophisticated new scam. Victims are being sent realistic-looking bills via email with unique payment amounts and due dates, making them difficult to identify as fake.

“Appearing exactly like a real bill from EnergyAustralia, it tells people the invoice is due in the coming days,” says MailGuard CEO Craig McDonald. “The due date and amount owing are randomised so that each recipient gets a unique bill. This is a tactic by the cybercriminals to avoid detection.”

As you can see in the image above, the email has been designed to look exactly like a genuine bill. However, a simple way to tell the bill is a fake is by looking at the email address from which it was sent – noreply@energyagent.net. When victims click on the “View bill” link, they will be taken to a webpage which automatically downloads a .ZIP file containing malicious material.

“If you have received this email, you can report it to EnergyAustralia by forwarding the email to staysafe@energyaustralia.com.au,” the real energy provider advises on its website. “Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else.

“Once you’ve sent the hoax email to staysafe@energyaustralia.com.au, delete it from your inbox immediately. Then empty your Deleted Items folder.”

To protect yourself from fraudsters, MailGuard recommend following these three tips.

  1. “Only click links from trusted senders. Take a closer look at any link by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.”
  2. “Never open an attachment that is a .ZIP file or .EXE file unless you are expecting it. Files from unknown senders often contain some kind of malware or virus.”
  3. “Check who is sending you email communication. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses, however legitimate email addresses can be forged easily.”
