Urgent warning about new energy bill scam
Origin Energy has had its brand hijacked in a large-scale malware scam for the fourth time in two months.
“A domain was registered in Cyprus yesterday to perpetrate the fake-invoice hoax, which is designed to trick people into clicking a link that downloads malicious software to their system,” said MailGuard CEO Craig McDonald.
The email began spamming people at 8:40am today and has continued to flood inboxes in huge numbers.
Like other scams that have targeted Origin Energy in previous months, the email is well-formatted and contains the company’s branding.
“In a common method to avoid spam filters, the senders have varied the dollar figure and due date,” Mr McDonald explained.
But in some instances they slip up by including a due date that has already passed, which conflicts with this warning in the email text: “PS: Don’t forget to pay by the due date, or you may have to pay a $12 late payment fee.”
How to spot a fake invoice
- Subject line: Your Origin electricity bill
- Display name: OriginEnergy
- Display (and sending address): noreply@energy2u.info
- An orange button with the words ‘View bill’. Clicking the link triggers the download of a .zip file that contains malicious JavaScript
Origin Energy says scammers mimic companies to trick people into opening an email, making a payment or clicking a link.
If you believe you have been scammed it is recommended you seek advice from www.scamwatch.gov.au or www.staysmartonline.gov.au.