Australians are warned not to click a convincing fake Origin Energy electricity bill which contains a direct link to malware.
Tens of thousands of copies of the email began hitting inboxes around 8.30am today.
The well-crafted email uses Origin Energy branding, and uses the subject line “Your Origin electricity bill”, with a due date of May 16.
But those who click the ‘View bill’ button are in for a nasty surprise.
Rather than directing recipients to a replica Origin Energy website, it links to a malware payload in the form of a JavaScript dropper, designed to install malicious files such as keyloggers (see below) to the victim’s system. The malware is hosted on a compromised Microsoft SharePoint account.
The scam email originates from a fake domain – originenergysolar .net – registered in China just days ago. It was sent from servers located in France.
Those behind it have gone to considerable lengths to trick victims.
The amount due varies from one email to the next. This is a ploy used by scammers to evade traditional antivirus software.
In order to make it look legitimate, the email is designed responsively so that it renders perfectly on both PC screens and mobile devices.
Sneakily, the cybercriminals behind the fraud even include a line addressing privacy concerns. It directs recipients to the real Origin Energy website’s privacy page.
While MailGuard blocked the email from its customers’ inboxes, non-customers are at risk of malware infection.
The danger of keyloggers
A keylogger is a type of spyware that can watch and record your keystrokes. It can see what you write in an email, what passwords you enter on a banking website, or any other information you provide online.
These malicious trojans sit quietly in the background, taking actions not authorised by the user, such as stealing, modifying or even deleting data.
Tips from Origin Energy on detecting scams
Origin Energy says scammers often mimic legitimate companies to trick people into opening an email, clicking on a link or even making a payment.
“Some scam emails try to get you to click on links that launch nasty viruses, ready to invade your computer, and the computer of everyone you email, to delete or lock your files.”
The company recommends seeking advice from www.scamwatch.gov.au or www.staysmartonline.gov.au if you think you’ve been scammed.
Some further information: Why email scammers hide behind big names.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.
