MailGuard 02 October 2024 15:25:02 AEST 7 MIN READ

Origin Energy Bill, Refund Scam

Amidst the current cost of living crisis, energy costs are a major challenge for many Australians, making this most recent scam even crueller. It promises a refund, informing recipients that they have paid twice due to a system error, and encouraging them to complete a claim form to recover their money.

The emails feature a variety of subject lines, including:

  • ? Reminder : Your Origin (e-Receipt) Refund bill   
  • 🕑 Reminder : Your Origin (e-Receipt) Refund bill   
  • ? Reminder : Your Origin Refund bill               
  • 🕑 Reminder : Your Origin Refund bill, and
  • Your Origin Refund bill   

And they impersonate the legitimate email address of Origin Energy, with the sender and display email addresses of ‘hello(at)origin(dot)com(dot)au’. The same email address advertised by Origin Energy on its website.

origin hello-website

Although the emails carry the Origin Energy logo and footer, the formatting is not ideal, especially for the currency amount that displays the refund amount with the dollar sign after the numerical amount, so hopefully those clues may be enough to alert some potential victims. However, for those that continue through, the email features a link to complete a claim to get their refund.

Here’s an example of what the emails look like:

origin-1024-email-masked

Clicking the link takes victims to the first phishing page which is a close replica of the Origin Energy website, kicking off the claim process by asking for your personal details. You may notice another grammatical error, with the misspelling of ‘Billing Adresse’ which we hope will be another red flag to respondents.

origin-1024-personal-details

For those that continue through the process, the next step is designed to capture your credit card details, including the credit card number, the expiry date and the security code.

origin-1024-credit-card-1

After submitting the credit card details, a waiting screen is displayed that appears to be processing the information.

origin-1024-processing

In the final step, the scammers request an SMS verification code, which we presume is actually to authorise a payment that they have processed using the credit card information captured on the previous screens.

origin-1024-SMS

Energy companies and utilities are regular targets for impersonation by cybercriminals, because the services that they provide are essential to our everyday lives, and because the brands are well-known and trusted by millions. For that reason, the scammers are hoping that recipients may be complacent and drop their guard.

Here’s some advice from Origin Energy, although on this occasion some of the advice about the legitimate domain of Origin(dot)com(dot)au may not be so helpful:

What should you do if you think you’ve received a scam email?

  • Close it and contact us
  • Forward the fake email to hello@origin.com.au so we can investigate further

What not to do

  • Click on links
  • Open attachments
  • Download pictures
  • Forward the scam email to others

How to spot a scam

  • Be on the front foot, here’s how you can tell if an email or text is a scam or a real Origin email:
  • It might be an email scam if the sender has a suspicious email address.
  • You’ll always have options on how to pay your bills. You can find a list of our payment methods on our website.

If you receive a suspicious email you suspect could be a scam Origin email, the quickest way to confirm whether it’s real or not is to check your account either using My Account or the Origin App. Your most current energy bill and billing history will appear there.

What are the legitimate Origin emails?

We’ll only send emails from:

  • originenergy.com.au 
  • origin.com.au 
  • ecomms.origin.com.au
  • icomms.origin.com.au 
  • originbroadband.com.au

Emails sent from other domains that may look similar should be treated as suspicious. We also encourage our suppliers to be vigilant when receiving any such requests and to ensure they’re familiar with Origin’s standard supplier process.’

You can learn more, including how to contact Origin Energy here.

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being. 

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.       
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates