Another massive AGL paperless invoice scam email doing the rounds this week

Posted by Annamaria Montagnese on 03 November 2016 16:53:42 AEDT

Thousands of fake AGL emails have been delivered to unsuspecting email users this week. Although the AGL brand has been used many times recently by cyber criminals, this one in particular is the same as the most recent phishing run MailGuard reported and blocked last month.

Although these email scams appear similar to the recipients, they actually differ each time in an effort to avoid detection by anti-virus and anti-spam software (i.e. the landing page URL has changed in this instance). MailGuard blocked 100% of the fake AGL phishing emails this week.

The email purports to originate from AGL, but actually originates from a compromised web host.

Here is a sample of the phishing email currently circulating:

MailGuard_Fake AGL email phsishing scam ransomware v2 NOV 2016.jpg

By clicking ‘Get Statement’, the recipient is directed to a fake landing page with the legitimate AGL branding. The Captcha code on the site actually works, however the number typically does not differ from person to person, so is only designed to instil a fake sense of security before downloading the supposed statement.

MailGuard_Fake AGL email phsishing scam landing page 1 NOV 2016.jpg

Clicking ‘Download’ commencing downloading of a malware package in a .zip file containing a dropper, which installs ransomware onto the user’s device.

Why is Ransomware dangerous?

When Ransomware files are executed by the email recipient or web user, the malware actually encrypts files on both the local device and possibly the entire network. The user or business may then be held to ransom, with a Bitcoin fee usually demanded in return for the decryption key for the files.

The only other option is for the business to stay offline and recover previous backups to get back online. Many users are left with no choice other than to pay the ransom, which can be for tens of thousands of dollars.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
  • Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including multiple grammatical errors)
  • Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate

If unsure, do not click links or download files contained within the email and contact the purported sender directly to verify the authenticity of the email.

AGL also share tips on how phishing and hoax emails operate on their website.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing Cyber Criminals email scam Email Spam Scam Crypto Ransomware crypto AGL Torrentlocker

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all