A security provider warns of yet another malware campaign masquerading as an energy bill.
Email security provider MailGuard has warned that another “well-made fake” of an Energy Australia bill has been sent by scammers to tens of thousands of Australians today (20 November).
One clue is that the ‘From’ address is not an Energy Australia domain (energyaustralia.com.au). Instead, the domain is energyau.com, which was registered this morning.
More information about the attack is available from MailGuard.
The first attack
Back on 20 June 2017, we first reported that scammers had turned their attention to EnergyAustralia, coming hot on the heels of two malware campaigns that appeared to be Origin Energy bills.
Security provider MailGuard said it had detected “a large volume of malicious emails impersonating EnergyAustralia [invoices].”
According to CEO Craig McDonald, the emails appeared “exactly like a real bill from EnergyAustralia”, with randomised due dates and amounts so that each recipient gets a unique bill in an attempt to avoid detection.
The emails purported to come from energyagent.net, a newly registered domain.
MailGuard did not describe the functionality of the malware, but a common strategy seems to be to do just enough to establish a toehold in the system so that more substantial pieces can be installed to steal passwords, intercept and modify bank transactions, encrypt files, and so on.
MailGuard offers some tips for identifying scam emails:
- Only click links from trusted senders. Take a closer look at any link by hovering your mouse over it and checking the destination in your browser. If it doesn't match, it is not legitimate. (The trouble with this suggestion is that so many organisations including community groups, motoring organisations, government departments and commercial entities send emails that fail this test because they use email distribution services that replace the actual links for tracking purposes.)
- Never open an attachment that is a .zip file or .exe file unless you are expecting it. Files from unknown senders often contain some kind of malware or virus. (We'd go even further, and suggest that all unexpected attachments be avoided, because there are ways of embedding malicious code into other types of file.)
- Check who is sending you email communications. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses; however, legitimate email addresses can be forged easily. (So avoid messages that fail this 'sniff test', but don't assume that you can trust all emails from addresses you recognise. We've previously described how fraudsters can take advantage of compromised email accounts.)
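The 'From' domain clue and the sender check above can be automated at a mail gateway. The following is an added example, not code from MailGuard or from this article: it flags senders whose domain merely resembles energyaustralia.com.au, as energyau.com and energyagent.net do. The local parts, display names, the six-character prefix threshold and the sample messages are constructed assumptions.

```python
import os.path
from email import message_from_string
from email.utils import parseaddr

LEGIT_DOMAINS = {"energyaustralia.com.au"}  # legitimate domain named in the article
BRAND = "energyaustralia"                   # brand label derived from that domain
MIN_PREFIX = 6                              # assumed threshold for "looks like the brand"

def sender(raw_message):
    """Return (display name without spaces, domain) from the From header, lower-cased."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return name.lower().replace(" ", ""), domain

def is_legit(domain):
    """True only for the exact domain or a real subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)

def classify(raw_message):
    name, domain = sender(raw_message)
    if not domain:
        return "no-sender"
    if is_legit(domain):
        return "ok"  # domain matches, but a From header can still be forged
    first_label = domain.split(".")[0]
    shared = os.path.commonprefix([first_label, BRAND])
    if len(shared) >= MIN_PREFIX or BRAND in name:
        return "lookalike"  # resembles the brand without being its domain
    return "unrelated"

# Constructed sample messages; only the domains come from the article.
SAMPLES = [
    'From: "EnergyAustralia" <noreply@energyau.com>\nSubject: Your bill\n\n.',
    "From: billing@energyagent.net\nSubject: Your bill\n\n.",
    "From: EnergyAustralia <bills@energyaustralia.com.au>\nSubject: Your bill\n\n.",
    'From: "Energy Australia Billing" <info@example.net>\nSubject: Your bill\n\n.',
    "From: newsletter@example.org\nSubject: Hello\n\n.",
    "Subject: no sender header\n\n.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw), "<-", raw.splitlines()[0])
```

An "ok" result means only that the visible domain matches; as the last tip notes, legitimate addresses can be forged, so this check complements rather than replaces other filtering.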