Fake Energy Australia Email Drops Malware

Posted by Emmanuel Marshall on 20 November 2017 16:30:05 AEDT

 

It’s a busy Monday for cybercriminals and spam-bots apparently.

The MailGuard system has been intercepting large volumes of criminal-intent emails today, including this crafty number, designed to look like a bill notice from Energy Australia; one of Australia’s largest utility companies.

View your EnergyAustralia Electricity bill here - Mozilla Thunderbird_287 (002).png

As you can see from the screenshot above, this is a well made fake. The formatting of the email makes it look very convincing, and it’s easy to imagine this one could fool a lot of people.

The criminals responsible for this attack have even gone to the trouble of registering a new domain that is supposed to reassure recipients; ‘energyau[dot]com.’

The sender address on the email header reads: ‘noreply[at]energyau[dot]com.’ Although it has an authentic look to it, this domain was created with a Chinese domain registrar this morning and is in no way connected to the real Energy Australia company website which is at: ‘energyaustralia[dot]com[dot]au’

 

MailGuard Fast Response


MailGuard first spotted this email attack mid-morning (AEST) and since then we’ve detected tens-of-thousands of them being sent out.

Anyone unwary enough to click the link in the email will be delivered to a compromised SharePoint site hosting a .zip folder which contains a malicious JavaScript file. The .zip folder is named ‘EnergyAustralia Electricity bill’ to make it look less suspicious, but the skeptical amongst you will be aware that genuine bill documents are not delivered in .zip format.

Opening EnergyAustralia Electricity bill.zip_286 (002)-1.png

EnergyAustralia Electricity bill.zip _288 (002).png
The JavaScript file is most likely a ‘dropper’; a piece of code that when downloaded will, in turn, automatically download malware to the victim’s computer.

 

MailGuard Clients Protected


At the time of MailGuard’s interception of this attack, no other security vendors had detected this threat.

MailGuard successfully protected all our customer’s inboxes from delivery.

If you are not protected by MailGuard and you received an email like this today, be extremely cautious. If you clicked on the link in the message, your system may already be affected.

Run a virus scan on your system and contact us at MailGuard for further information on what steps to take to prevent harm to your computer.

Call us on 1300 30 44 30.

 

Protect Your Inbox


For a few dollars per staff member per month, you can protect your business with MailGuard's cloud-based email and web filtering security.
Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date on breaking scam news...
Follow us on Twitter, here.
Subscribe to MailGuard's free weekly updates by clicking on the button below:

Keep Informed with Weekly Updates

 

 

Topics: Cyber Threats Cloud Email Security Australian cybercrime Fake energy invoice EnergyAustralia

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all