Scammers target EnergyAustralia customers again


A security provider warns of yet another malware campaign masquerading as an energy bill.

Email security provider MailGuard has warned that another “well-made fake” of an EnergyAustralia bill has been sent by scammers to tens of thousands of Australians today (20 November).

The “very convincing” email has “an authentic look”, but clicking on the link in the email delivers not an electricity bill but a .zip file containing a JavaScript file that appears to download malware automatically.

One clue is that the ‘From’ address is not an Energy Australia domain (energyaustralia.com.au). Instead, the domain is energyau.com, which was registered this morning.

More information about the attack is available from MailGuard.

The first attack

Back on 20 June 2017, we first reported that scammers have turned their attention to EnergyAustralia, coming hot on the heels of two malware campaigns that appeared to be Origin Energy bills.

Security provider MailGuard said it had detected “a large volume of malicious emails impersonating EnergyAustralia [invoices].”

According to CEO Craig McDonald, the emails appeared “exactly like a real bill from EnergyAustralia”, with randomised due dates and amounts so that each recipient gets a unique bill in an attempt to avoid detection.

The emails purported to come from energyagent.net, a newly registered domain.

Clicking the 'View bill' link downloaded a .zip archive that contains a malicious JavaScript file.

MailGuard did not describe the functionality of the malware, but a common strategy is to do just enough to establish a toehold in the system so that more substantial pieces can be installed later to steal passwords, intercept and modify bank transactions, encrypt files, and so on.

An example of a fake invoice. Source: MailGuard.

Security tips

MailGuard offers some tips for identifying scam emails:

  • Only click links from trusted senders. Take a closer look at any link by hovering your mouse over and checking the destination in your browser. If it doesn't match, it is not legitimate. (The trouble with this suggestion is that so many organisations including community groups, motoring organisations, government departments and commercial entities send emails that fail this test because they use email distribution services that replace the actual links for tracking purposes.)
  • Never open an attachment that is a .zip file or .exe file unless you are expecting it. Files from unknown senders often contain some kind of malware or virus. (We'd go even further, and suggest that all unexpected attachments be avoided, because there are ways of embedding malicious code into other types of file.)
  • Check who is sending you email communications. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses; however, legitimate email addresses can be forged easily. (So avoid messages that fail this 'sniff test', but don't assume that you can trust all emails from addresses you recognise. We've previously described how fraudsters can take advantage of compromised email accounts.)
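The sender-domain and link checks above can be automated. The script below is an added example, not code from MailGuard or BIT: it assumes energyaustralia.com.au is the only legitimate sending domain and runs over two constructed messages, one modelled on the energyau.com lure described in the article and one genuine-looking bill.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Legitimate sender domain for the impersonated brand, as given in the article
# (assumption: a real deployment would maintain this list per brand).
LEGIT_DOMAINS = {"energyaustralia.com.au"}
BRAND_WORDS = ("energyaustralia", "energy australia")
# File types the article's lure delivered instead of a bill.
LURE_SUFFIXES = (".zip", ".js", ".exe")

def is_legit(host):
    """True if host is a legitimate brand domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def assess_bill_email(raw):
    """Return a list of findings; an empty list means no impersonation signal."""
    msg = message_from_string(raw)
    body = msg.get_payload()          # single-part message assumed
    text = (msg.get("Subject", "") + " " + body).lower()
    findings = []
    if not any(w in text for w in BRAND_WORDS):
        return findings               # mail does not claim to be the brand
    # Rule 1: the From domain must belong to the brand it claims to be.
    sender = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if not is_legit(sender):
        findings.append(f"sender domain {sender!r} is not an EnergyAustralia domain")
    # Rule 2: every link must point at the brand and must not hand over an archive.
    for url in re.findall(r'href="([^"]+)"', body, re.I):
        host = (urlparse(url).hostname or "").lower()
        path = urlparse(url).path.lower()
        if not is_legit(host):
            findings.append(f"link points to {host!r}, not the brand's domain")
        if path.endswith(LURE_SUFFIXES):
            findings.append(f"link delivers an archive or script: {path}")
    return findings

# Constructed sample messages (not real captures).
FAKE_BILL = """\
From: EnergyAustralia <billing@energyau.com>
Subject: Your EnergyAustralia bill is ready
Content-Type: text/html

<p>Your bill of $412.37 is due 27 Nov.</p>
<a href="http://energyau.com/invoice/bill.zip">View bill</a>
"""
REAL_BILL = """\
From: EnergyAustralia <billing@energyaustralia.com.au>
Subject: Your EnergyAustralia bill is ready
Content-Type: text/html

<a href="https://www.energyaustralia.com.au/myaccount/bill">View bill</a>
"""
```

Running `assess_bill_email(FAKE_BILL)` yields three findings (foreign sender domain, foreign link domain, .zip download), while the genuine message yields none.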
Copyright © BIT (Business IT). All rights reserved.