AGL Branded ‘Electricity Bill’ Phishing Email Carrying Trojan Malware

Posted by Annamaria Montagnese on 20 May 2016 18:12:30 AEST

Thousands of Australian email users have been targeted with an AGL branded phishing email scam carrying Trojan malware.

The cybercrime network behind the attack have leveraged the well-known brand of the Australian utilities provider AGL, disguising their attack as an ‘Electricity Bill’ attachment in an attempt to trick unsuspecting email recipients into downloading the malware.

Here is a sample of the email that was identified and blocked for MailGuard clients:


The email appears to be from AGL advising the recipient of their current outstanding amount. The fake ‘AGL bill’ attached is a ZIP file, which contains a JavaScript file. Upon extracting the ZIP file and executing the resulting JavaScript file, a Trojan is downloaded and installed.

Why is Trojan malware dangerous?

Trojans sit quietly in the background, and will take actions not authorised by the user, such as modifying, stealing, copying or even deleting data.

This type of malware is most dangerous because the user may not notice it running in the background until such time they are made aware – this can sometimes be weeks or even months after the event.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
  • Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including multiple grammatical errors)
  • Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate

If unsure, do not click links or download files contained within the email and contact the purported sender directly to verify the authenticity of the email.

AGL also share tips on how phishing emails operate on their website.

We recommend that you share these tips with your staff to make them aware of these campaigns. By employing a cloud email and web security solution like MailGuard, you will reduce the incidence of these new variants of malicious email entering your network.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Phishing Cyber Criminals email scam Email Spam Trojan Scam AGL Trojan Malware

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all