A huge flood of fake energy invoices is today hitting Australian inboxes.
Designed to mimic EnergyAustralia’s online bills, they aim to trick people into downloading malware with a click of the ‘View bill’ button.
The email looks realistic but hints that it’s a hoax include the misspelling of ‘July’ and the sending domain: “syrenergy.com”. Real invoices from the company are sent from noreply@billing.energyaustraliaonline.com.au.
The scam prompted a warning from EnergyAustralia for customers to exercise caution.
“Scam emails such as this one can appear very convincing and customers should take care with any email that requests them to click a link,” the company has advised.
“EnergyAustralia’s electronic bills to residential customers are sent from noreply@billing.energyaustraliaonline.com.au. If you receive an email from a different address that says it relates to your EnergyAustralia bill, please do not open it or click any links it contains.”
About the hoax invoice
Different dates and payment amounts are used on each version in a practice is known content spinning. This means invoices with an August due date mightn’t look suspicious on the surface.
The ‘view bill’ button links to a .zip file containing malicious JavaScript. It appears the aim of the malicious payload is to:
- Delay the analysis task by a long amount of time.
- Steal private information from local Internet browsers
- Install itself for autorun at Windows startup.
It was intercepted before hitting the inboxes of any MailGuard customer.
MailGuard thwarted a similar attempt to impersonate EnergyAustralia on June 20: http://www.mailguard.com.au/blog/dont-be-tempted-to-click-fake-energyaustralia-invoice.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
