The hoax email inundation, one of the largest ever seen by MailGuard, began at lunchtime Wednesday and continued until 4am today.
Given the scale, MailGuard conservatively estimates the email has been directed to a quarter of Australian companies – posing a risk to business systems if employees are convinced to click the malicious link. Given the nature of the scam, many consumers are also likely to be affected.
The email masquerades as an electricity bill from Origin Energy. It’s a well-executed attempt, with perfect formatting and convincing branding.
It poses a particular risk due to the scale and apparent legitimacy. Usually, fraud email attempts that achieve huge scale are let down by poorly-formatted, unconvincing content.
One of the few indications it is not legitimate is the sending address: noreply@ globalenergy finance.com. The domain was registered 24 hours earlier in China.
Cybercriminals have been inundating Australians with fraud emails this month, with the number of large-scale scam email attacks as high in one day as an average week.
Among the companies being mimicked on a significant scale in recent times include ASIC, MYOB, EnergyAustralia, Commonwealth Bank, Westpac, Telstra, Click Energy, Dropbox and Suncorp.
Similar to the malicious file distributed in a new MYOB-impersonation scam yesterday, this type of malware:
- Steals private information from local Internet browsers
- Installs itself for autorun at Windows startup
- Also implements a process that significantly delays the analysis task.
Here's what appears when people click "View bill":
It comes as Origin and EnergyAustralia, attacked yesterday, both announced price increases, adding to the confusion of customers who received the email scam.
This malware delivery is the third major scam impersonating Origin Energy since May 10 (links below), suggesting that the networks behind the scam are having some success in duping victims, and are thus stepping up the volume.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.