Emmanuel Marshall 20 November 2017 16:30:05 AEDT

Fake Energy Australia Email Drops Malware


It’s a busy Monday for cybercriminals and spam-bots apparently.

The MailGuard system has been intercepting large volumes of criminal-intent emails today, including this crafty number, designed to look like a bill notice from Energy Australia, one of Australia’s largest utility companies.

[Screenshot: “View your EnergyAustralia Electricity bill here” email in Mozilla Thunderbird]

As you can see from the screenshot above, this is a well-made fake. The formatting of the email makes it look very convincing, and it’s easy to imagine this one could fool a lot of people.

The criminals responsible for this attack have even gone to the trouble of registering a new domain that is supposed to reassure recipients: ‘energyau[dot]com’.

The sender address in the email header reads: ‘noreply[at]energyau[dot]com’. Although it has an authentic look to it, this domain was created with a Chinese domain registrar this morning and is in no way connected to the real Energy Australia company website, which is at ‘energyaustralia[dot]com[dot]au’.


MailGuard Fast Response

MailGuard first spotted this email attack mid-morning (AEST) and since then we’ve detected tens of thousands of them being sent out.

Anyone unwary enough to click the link in the email will be delivered to a compromised SharePoint site hosting a .zip folder which contains a malicious JavaScript file. The .zip folder is named ‘EnergyAustralia Electricity bill’ to make it look less suspicious, but the skeptical amongst you will be aware that genuine bill documents are not delivered in .zip format.

[Screenshot: opening “EnergyAustralia Electricity bill.zip”]

[Screenshot: “EnergyAustralia Electricity bill.zip”]

The JavaScript file is most likely a ‘dropper’: a piece of code that, when downloaded, will in turn automatically download malware to the victim’s computer.
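A mail-triage check for the two indicators described above, the lookalike sender domain and the script file inside the ZIP. This is an added example, not MailGuard's code; the watch-list tokens, the extension list, the sample addresses and the sample archive are constructed assumptions.

```python
import io
import zipfile
from email.utils import parseaddr

# Assumption: legitimate mail comes only from the real domain named in the article.
LEGIT_DOMAIN = "energyaustralia.com.au"
BRAND_TOKENS = ("energyau", "energyaustralia")  # constructed watch-list
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")  # constructed list


def refang(value):
    """Turn the article's defanged notation back into a parseable address."""
    return value.replace("[dot]", ".").replace("[at]", "@")


def is_lookalike_sender(from_header):
    """True if the sender domain uses the brand name but is not the real domain."""
    domain = parseaddr(refang(from_header))[1].rpartition("@")[2].lower()
    if domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN):
        return False
    return any(token in domain for token in BRAND_TOKENS)


def script_members(zip_bytes):
    """Names of script files inside a ZIP, read without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return [n for n in archive.namelist() if n.lower().endswith(SCRIPT_EXTS)]


def build_sample_zip():
    """Constructed stand-in for the archive: inert text under a .js name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("bill.js", "// inert placeholder, constructed sample")
        archive.writestr("readme.txt", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    print(is_lookalike_sender("noreply[at]energyau[dot]com"))      # article's sender
    print(is_lookalike_sender("billing@energyaustralia.com.au"))  # constructed address
    print(script_members(build_sample_zip()))
```

Reading member names with `namelist()` never unpacks or runs the archive contents, so the check is safe to apply to quarantined attachments and downloads.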


MailGuard Clients Protected

At the time of MailGuard’s interception of this attack, no other security vendors had detected this threat.

MailGuard successfully protected all our customers’ inboxes from delivery.

If you are not protected by MailGuard and you received an email like this today, be extremely cautious. If you clicked on the link in the message, your system may already be affected.

Run a virus scan on your system and contact us at MailGuard for further information on what steps to take to prevent harm to your computer.

Call us on 1300 30 44 30.


Protect Your Inbox

For a few dollars per staff member per month, you can protect your business with MailGuard's cloud-based email and web filtering security.
Talk to an expert at MailGuard today about making your company's network secure.
