Jaclyn McRae 10 July 2017 15:17:00 AEST

Scam avalanche continues: Origin Energy attack one of largest seen

A huge uptick in email-based fraud attempts has continued, with an enormous distribution of fake Origin Energy invoices containing malware.

The hoax email inundation, one of the largest ever seen by MailGuard, began at lunchtime Wednesday and continued until 4am today.

Given the scale, MailGuard conservatively estimates the email has been directed to a quarter of Australian companies – posing a risk to business systems if employees are convinced to click the malicious link. Given the nature of the scam, many consumers are also likely to be affected.

The email masquerades as an electricity bill from Origin Energy. It’s a well-executed attempt, with perfect formatting and convincing branding.

[Image: Your Origin electricity bill]

It poses a particular risk due to its scale and apparent legitimacy. Usually, fraud email attempts that achieve huge scale are let down by poorly formatted, unconvincing content.

One of the few indications it is not legitimate is the sending address: noreply@ globalenergy finance.com. The domain was registered 24 hours earlier in China. 
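The two sender signals described above (a brand name on a domain the brand does not own, and a domain registered only hours before the send) can be checked automatically at the mail gateway. The following is an added example, not MailGuard's code: the brand allow-list, the 30-day threshold, the sample message and the registration table (a stand-in for a WHOIS/RDAP lookup) are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumption: brand keyword -> domains the brand really sends from.
BRAND_DOMAINS = {"origin": {"originenergy.com.au"}}
MAX_AGE = timedelta(days=30)  # assumption: threshold for "newly registered"

# Constructed stand-in for a WHOIS/RDAP lookup (domain -> registration time).
REGISTERED = {
    "energy-invoices.example": datetime(2017, 7, 4, 3, 0, tzinfo=timezone.utc),
    "originenergy.com.au": datetime(2000, 1, 1, tzinfo=timezone.utc),
}

# Constructed sample message modelled on the lure described above.
SAMPLE = """\
From: "Origin" <noreply@energy-invoices.example>
To: accounts@victim.example
Subject: Your Origin electricity bill
Date: Wed, 05 Jul 2017 02:30:00 +0000

View bill
"""

def sender_findings(raw, registered=REGISTERED):
    """Return a list of reasons the sender looks suspicious (empty if none)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    sent = parsedate_to_datetime(msg["Date"])
    findings = []
    # Brand claimed in the display name or subject, but sent from another domain.
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        on_brand = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not on_brand:
            findings.append(f"claims '{brand}' but sent from {domain}")
    # Sender domain registered shortly before the message was sent.
    created = registered.get(domain)
    if created is None:
        findings.append(f"no registration data for {domain}")
    elif sent - created < MAX_AGE:
        hours = int((sent - created).total_seconds() // 3600)
        findings.append(f"{domain} registered {hours}h before sending")
    return findings

if __name__ == "__main__":
    for finding in sender_findings(SAMPLE):
        print(finding)
```

Either finding alone is weak evidence; together they are a reasonable trigger for quarantine or a warning banner.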

Cybercriminals have been inundating Australians with fraud emails this month, with the number of large-scale scam email attacks as high in one day as in an average week.

Companies mimicked on a significant scale in recent times include ASIC, MYOB, EnergyAustralia, Commonwealth Bank, Westpac, Telstra, Click Energy, Dropbox and Suncorp.

Similar to the malicious file distributed in a new MYOB-impersonation scam yesterday, this type of malware:

  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Implements a process that significantly delays the analysis task

Here's what appears when people click "View bill":

[Image: Opening Origin_electricity_bill.zip]

[Image: Origin_electricity_bill.zip]

It comes as Origin and EnergyAustralia, attacked yesterday, both announced price increases, adding to the confusion of customers who received the email scam.

This malware delivery is the third major scam impersonating Origin Energy since May 10 (links below), suggesting that the networks behind the scam are having some success in duping victims, and are thus stepping up the volume.

Scammers ramp up EOFY attacks with new Origin malware blast (June 14)

Warning: Malware just one click away in Origin Energy email scam (May 10)

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.
