Fake AGL ransomware invoice strikes again

Posted by Jaclyn McRae on 14 October 2016 15:27:10 AEDT

 A new version of a phishing email impersonating energy giant AGL, and containing dangerous ransomware, is again hitting Australian inboxes.

Cruelly, the criminals behind the scam prey on the misfortune of those who’ve suffered as a result of recent storms and flooding that have affected parts of Australia.

In an effort to appear legitimate, the email says flooding victims may receive additional support to help pay their bill.

Those who make the mistake of clicking a link on the fake invoice risk having their PC – or entire system – held to ransom.

It’s not the first time a version of this scam has struck.

In late May a similar phishing email designed to impersonate AGL hit thousands of email addresses around Australia.

The new scam, which MailGuard has blocked to all its customers around the world, has the subject line ‘My Monthly Bill’ and is titled ‘AGL Paperless Invoice’.


Those who click the link are directed to a fake AGL website configured to serve malware.

The ‘captcha’ on the fake site works, but doesn’t vary from one recipient to the next – it’s designed to instil a fake sense of security.


The file downloaded is a malware downloader which could be used to download crypto-variant ransomware, along with other types of malware.


A warning from AGL: don’t click

AGL says it never sends emails asking for personal banking or financial details.

“Anyone receiving a suspicious email should delete it immediately or, if opened, not click on any links within the email,” the company says.

“AGL advises recipients of any suspicious emails to run antivirus software and block the sender by adding to the junk folder list.

“AGL has reported the scam email to the Scamwatch, the Australian Competition and Consumer Commission (ACCC), and the Australian Federal Police.”

Why is ransomware dangerous?

When ransomware files have been run by the email recipient or web user, the malware encrypts files on the local device and possibly the entire network.

The user or business is then held to ransom, with a Bitcoin fee usually demanded in return for the decryption key for the files.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
• Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
• Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including grammatical errors)
• Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Our benchmarking shows that MailGuard is consistently 2-48 hours ahead of the market in preventing new attacks.

Discover tips on cybersecurity by subscribing to MailGuard’s blog.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates



^ Back to Top

Topics: Cyber Criminals Malware email scam Ransomware Cybersecurity AGL agl energy email fraud invoice scam AGL ransomware infosec

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all