Jaclyn McRae 20 June 2017 13:41:55 AEST 3 MIN READ

Don’t be tempted to click fake EnergyAustralia invoice

A large volume of malicious emails impersonating EnergyAustralia emails is currently hitting inboxes.

The realistic-looking email masquerades as an invoice from the energy company.

Appearing exactly like a real bill from EnergyAustralia, it tells people the invoice is due in the coming days.

Fake EnergyAustralia invoice email MailGuard.jpg

The due date and amount owing are randomised so that each recipient gets a unique bill.

This is a tactic by the cybercriminals to avoid detection.

For those unlucky enough to receive the email, it contains a potentially-dangerous payload: clicking the ‘View bill’ link downloads a .ZIP archive file which contains a malicious JavaScript file.

Fake EnergyAustralia invoice email zip file MailGuard.jpg

Fake EnergyAustralia invoice email zip file download3MailGuard.jpg

The sending email address is noreply@energyagent.net – a domain registered in China yesterday.

It began distribution at 9.39am today, with MailGuard blocking thousands of variations of the email throughout the morning.

Why does randomised invoice totals work?

Traditional antivirus is less likely to flag the email as suspicious as it appears as a single, individual message, rather than one of a batch of thousands and thousands – as is the case with today’s EnergyAustralia scam.

As such, none of 65 traditional antivirus engines on Google-owned VirusTotal are detecting the link as suspicious.

Using our patented AI-led approach, MailGuard blocked the fraud email before it reached any customer inboxes.

Advice from EnergyAustralia on scam emails

Earlier this month EnergyAustralia warned customers to be wary of scam emails.

“If you have received this email, you can report it to EnergyAustralia by forwarding the email to staysafe@energyaustralia.com.au. Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else,” the website advises.

“Once you’ve sent the hoax email to staysafe@energyaustralia.com.au, delete it from your inbox immediately. Then empty your Deleted Items folder.”

Tips on how to identify a scam email

  • Only click links from trusted senders. Take a closer look at any link by hovering your mouse over and checking the destination in your browser. If it doesn’t match, it is not legitimate.
  • Never open an attachment that is a .zip file or .exe file unless you are expecting it. Files from unknown senders often contain some kind of malware or virus.
  • Check who is sending you email communication. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses, however legitimate email addresses can be forged easily.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top