Think twice before you click on any links in your inbox. A huge flood of fake eBill notifications purporting to come from EnergyAustralia is hitting Australian inboxes today.
Using a display name of "EnergyAustralia", the email actually comes from one of a large number of compromised accounts. It advises the recipient that their latest EnergyAustralia bill is now ready to be viewed. A link is included to "View eBill", as per the screenshot below:
MailGuard understands unsuspecting recipients who click on the link to view their bill are led to a malicious file download or to a blank page.
While this scam isn’t as sophisticated in design as others that MailGuard has seen, cybercriminals do use several elements within the email body to convince recipients that it is a legitimate notification from EnergyAustralia. A key feature is the incorporation of the energy company’s logo, branding and layout. A red flag, however, is the lack of a personalised addressee. The email does not address any customer directly, but instead refers to ‘Dear Customer’.
With its large database and established brand credibility, EnergyAustralia is an ideal company for cybercriminals to spoof, as it widens their victim pool.
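The traits described above (a brand display name on an unrelated sender address, a bill link pointing off the brand's domain, and a "Dear Customer" greeting) can be checked mechanically. The following Python sketch is an added example, not MailGuard's detection logic; the allowed-domain list, the indicator names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: sending/link domains the brand really uses (not taken from the page).
BRAND_DOMAINS = {"EnergyAustralia": {"energyaustralia.com.au"}}
GENERIC_GREETING = re.compile(r"\bdear\s+customer\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"\s:]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)

def on_brand_domain(host, allowed):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def ebill_lure_indicators(raw):
    """Return the red flags from the advisory that this raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    hits = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand.lower() not in display.lower().replace(" ", ""):
            continue  # display name does not claim this brand
        if not on_brand_domain(addr.rpartition("@")[2], allowed):
            hits.append("display-name-mismatch")
        if any("bill" in text.lower() and not on_brand_domain(host, allowed)
               for host, text in LINK.findall(body)):
            hits.append("bill-link-off-domain")
    if GENERIC_GREETING.search(re.sub(r"<[^>]+>", " ", body)):
        hits.append("generic-greeting")
    return hits

# Constructed sample messages (not captured from the campaign).
LURE = """\
From: "EnergyAustralia" <accounts@compromised.example.net>
Subject: Your bill is ready
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Your latest EnergyAustralia bill is now ready to be viewed.</p>
<a href="http://files.example.net/ebill">View eBill</a>
"""
# Constructed legitimate-looking counterpart; the address and greeting are made up.
LEGIT = LURE.replace("accounts@compromised.example.net", "ebill@energyaustralia.com.au") \
            .replace("files.example.net", "www.energyaustralia.com.au") \
            .replace("Dear Customer", "Dear Jane Citizen")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("legit", LEGIT)):
        print(name, ebill_lure_indicators(raw))
```

Because the messages are sent from compromised accounts, they can pass SPF and DKIM for the sender's own domain, so content checks like these complement sender authentication.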
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.