MailGuard has intercepted a new phishing email campaign impersonating EnergyAustralia. The scam claims the recipient is eligible for a refund and urges them to “claim” the amount through a link in the email. Instead of issuing a refund, the message leads victims to a fake EnergyAustralia website designed to harvest personal information, credit card details and an SMS code that appears to authorise a charge.
What the Email Looks Like
The body of the email claims the recipient’s account has been reviewed and that a refund for the 2025–2026 period is available. It specifies a Refunded Amount: $865.70 AUD and includes a reference number. A prominent “Claim Your Refund” button is presented as the next step, accompanied by a red warning box stating the redemption link is valid for 24 hours.
Example phishing content shown using EnergyAustralia branding. Not affiliated with EnergyAustralia.
How The Scam Works
Clicking “Claim Your Refund” takes the recipient to a phishing site that imitates the EnergyAustralia web experience. The URL visible in the browser is not an official EnergyAustralia domain and is instead hosted on a lookalike address designed to appear trustworthy at a glance.
Example phishing content shown using EnergyAustralia branding. Not affiliated with EnergyAustralia.
After submitting their details, the user is taken to a second page titled “Payout method”. This page claims EnergyAustralia will issue a refund via card transfer and that the refunded amount will be credited to the user’s card. The page also displays Refunded Amount: 865.70 AUD and includes a green “Next” button.

Example phishing content shown using EnergyAustralia branding. Not affiliated with EnergyAustralia.
Once card details are entered, the scam escalates further by presenting a “One‑Time Security Code” page. The user is instructed to enter the security code received on their mobile phone.
A field labelled “SMS code” is provided, along with a link for users who did not receive their code, and a green “Next” button.

Example phishing content shown using EnergyAustralia branding. Not affiliated with EnergyAustralia.
MailGuard’s analysis indicates the attackers are attempting to use the submitted card details and SMS code to authorise a transaction or charge. The sequence is consistent with the scammers entering the stolen card into a real payment flow in the background, so that the one-time code the victim’s bank sends to their phone, once typed into the phishing page, approves that charge rather than any refund. The journey did not progress beyond this point in testing, which fits the card being processed while the victim is kept waiting on the page.

Example phishing content shown using EnergyAustralia branding. Not affiliated with EnergyAustralia.
Why This Campaign Is Concerning
Refund‑themed scams remain effective because they exploit a familiar and positive moment in everyday life. Many people are accustomed to receiving account updates, bill adjustments and occasional refund notices from utilities and service providers. This campaign uses that familiarity to create urgency without appearing overly dramatic.
The promise of a specific refund amount, combined with a 24‑hour redemption window, introduces time pressure. The journey then blends routine steps (confirming details, entering card information and providing an SMS code) into what appears to be a standard verification process.
That combination is dangerous.
A seemingly legitimate refund request can be used to collect full card details, while the SMS code can be used to authorise charges or confirm transactions. The surrounding EnergyAustralia‑branded pages collect enough personal information to support further fraud, identity theft or targeted scams.
For businesses, these campaigns are also a workforce risk. Employees receiving personal refund notifications during the workday may click quickly, particularly if the message appears routine, beneficial and aligned with everyday digital interactions.
Warning Signs to Watch For
There are several warning signs in this campaign:
- The email is not sent from an official EnergyAustralia domain; the sender address uses pump-unit.de, which is unrelated to EnergyAustralia.
- The email asks the recipient to click a button to “claim” a refund.
- The link leads to a phishing website hosted on a non‑legitimate, lookalike domain.
- The site requests personal information, full card details and an SMS code.
- The refund amount is framed as a specific figure to encourage quick action.
- The final SMS verification step is designed to make the process appear genuine, while actually approving a charge on the victim’s card.
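The indicators above (off-brand sender domain, a link to a lookalike host, a “claim your refund” call to action, a short deadline and a specific dollar figure) can be checked mechanically before a message reaches an inbox. The script below is an added example, not MailGuard’s or EnergyAustralia’s code: it parses a raw email and scores it on those indicators. The brand domain list (energyaustralia.com.au), the lookalike host energyaustralia-refund.example and the sample messages are constructed for the example; the real campaign’s phishing URL is not given in the post.

```python
"""Heuristic triage of a refund-themed phishing email (added example).

Scores a raw RFC 822 message on the indicators described in the post.
Assumptions: BRAND_DOMAINS is the impersonated brand's real domain and the
sample messages below are constructed, not captured from the campaign.
"""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumption: the only domain the impersonated brand legitimately uses.
BRAND_DOMAINS = {"energyaustralia.com.au"}
BRAND_TOKEN = "energyaustralia"   # brand name embedded in lookalike hosts

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
CTA_RE = re.compile(r"claim\s+your\s+refund", re.I)
DEADLINE_RE = re.compile(r"valid\s+for\s+\d+\s*hours?", re.I)
AMOUNT_RE = re.compile(r"refunded\s+amount:\s*\$?\s*([\d,]+\.\d{2})\s*AUD", re.I)


def registered_domain(host: str) -> str:
    """Crude eTLD+1: last two labels, or three for ccTLD second levels
    such as com.au. Good enough for this example; use a public-suffix
    library in production."""
    labels = host.lower().rstrip(".").split(".")
    if (len(labels) >= 3 and labels[-2] in {"com", "net", "org", "gov", "edu"}
            and len(labels[-1]) == 2):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def sender_domain(msg) -> str:
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def body_text(msg) -> str:
    parts = [p.get_content() for p in msg.walk()
             if p.get_content_type() in ("text/plain", "text/html")]
    return "\n".join(parts)


def triage(raw: bytes) -> dict:
    """Return the sender domain, a list of findings and a score (one point per finding)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = body_text(msg)
    findings = []
    sdom = sender_domain(msg)
    if registered_domain(sdom) not in BRAND_DOMAINS:
        findings.append(f"sender domain {sdom} is not a brand domain")
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if registered_domain(host) not in BRAND_DOMAINS:
            kind = "lookalike" if BRAND_TOKEN in host else "off-brand"
            findings.append(f"{kind} link host {host}")
    if CTA_RE.search(text):
        findings.append("'claim your refund' call to action")
    if m := DEADLINE_RE.search(text):
        findings.append(f"deadline pressure: {m.group(0)}")
    if m := AMOUNT_RE.search(text):
        findings.append(f"specific refund amount {m.group(1)} AUD")
    return {"sender_domain": sdom, "findings": findings, "score": len(findings)}


# Constructed sample modelled on the post; the link host is an assumption.
SAMPLE = b"""From: EnergyAustralia Refunds <refunds@pump-unit.de>
To: customer@example.com
Subject: Your refund is ready
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account has been reviewed. Refunded Amount: $865.70 AUD.</p>
<a href="https://energyaustralia-refund.example">Claim Your Refund</a>
<p style="color:red">This redemption link is valid for 24 hours.</p>
</body></html>
"""

# Constructed control message that should produce no findings.
BENIGN = b"""From: EnergyAustralia <billing@energyaustralia.com.au>
To: customer@example.com
Subject: Your bill is available
Content-Type: text/plain; charset="utf-8"

Your latest bill is available at https://www.energyaustralia.com.au/ or in the app.
"""

if __name__ == "__main__":
    for name, raw in (("SAMPLE", SAMPLE), ("BENIGN", BENIGN)):
        result = triage(raw)
        print(f"{name}: score {result['score']}")
        for f in result["findings"]:
            print("  -", f)
```

The score is deliberately additive rather than a single rule: the sender-domain check alone would be defeated by a compromised legitimate mailbox, and the lookalike check alone by a generic hosting domain, but a refund lure with a deadline and a specific amount pointing off-brand is rare in legitimate mail. In a gateway you would feed the findings into quarantine or banner rules rather than treating the score as a verdict.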
Recipients should never enter personal or payment details through links in unexpected refund emails. Instead, they should visit the official EnergyAustralia website or app directly and verify any account updates from there.
This campaign is a reminder that phishing does not always rely on complex technical deception. Often, it relies on routine behaviour.
A refund notice. A familiar brand. A quick form. A payment page that looks secure. Each step appears ordinary in isolation, but together they create a pathway for scammers to collect personal and financial information.
Stay Safe, Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
- Aren’t addressed to you personally.
- Are unexpected and urge immediate action.
- Contain poor grammar or miss crucial identifying details.
- Direct you to a suspicious URL that isn’t associated with the genuine company.
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
One Email Is All That It Takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist AI-powered, zero-day email security. Special Ops for when speed matters! Our real-time, zero-day email threat detection amplifies our clients’ intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free weekly updates.