Malicious bill notifications mimicking EnergyAustralia hit inboxes

Posted by Akankasha Dewan on 14 February 2019 17:05:10 AEDT

Less than a month after MailGuard intercepted an email scam purporting to be from EnergyAustralia, the utilities company has once again been brandjacked by cybercriminals.

Malicious emails in the form of fraudulent bill notifications from the company first arrived in inboxes early this afternoon (AEST). No other vendor was blocking the scam when MailGuard first detected it.  

The fraudulent email uses a display name of "EnergyAustralia". The ‘From’ field includes the address of the compromised account that was used to send it. The body of the message advises the recipient that their latest EnergyAustralia bill is now ready to be viewed. A link is included to "View Bill", as per the screenshot below:


Unsuspecting recipients who click on the link to view their bill are led to a malicious file download or to a blank page.

These emails are well-designed fakes and look very similar to actual EnergyAustralia notifications. Similar to last month’s scam, they utilise high quality graphical elements such as the usage of the company’s signature green branding and logo. EnergyAustralia, by its large database and established brand credibility, is an ideal company to spoof by cybercriminals as it widens their victim pool.

However, the emails do retain a red flag that points to the illegitimacy of the email – the lack of a personalised addressee. The email does not address any customers directly, but instead refer to ‘Dear Customer’. Such a trait is commonly observed in a typical email scam and MailGuard urges all users to be vigilant of such signs when accessing their emails.

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider and are not addressed to you by name and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website. If unsure call the company directly and ask whether the email is legitimate
  • Offer money, reward or gift to entice you to hand over your personal details
  • Ask you to submit personal information that the sender should already have access to or should not be requesting from you in the first place 

Take Action to Defend Your Business

Email scams can be enormously costly and destructive, and new scams are appearing every week. Don’t wait until it happens to your business; take action to protect your business and your staff from financial and reputational damage, now.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime EnergyAustralia

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all