MailGuard 29 November 2023 12:26:47 AEDT 6 MIN READ

Sneaky Phishers Attempt Energy Australia Refund Hoax

What are the chances that your energy provider wants to issue you a refund? Pretty slim indeed, which is why, no matter how appealing it sounds, you should take a moment to reconsider any offer that seems too good to be true, especially when it’s unexpected.

That’s the case for the latest scam that’s spoofing Energy Australia, with a subject line reading ‘Refund available to be claimed, read more.’ Sadly it’s not your lucky day, and this email is in fact a scam. Although the email features Energy Australia branding, and the sender name is masked to spoof Energy Australia, the actual sender email address is noreply(at)campaign(dot)Eventbrite(dot)com, and the reply-to address is info(at)buyritenaija(dot)com. Our assumption is that the sending account is a compromised Eventbrite account that has been renamed to Energy Australia.

An example of the email is shown below:

[Image: email-masked-EnergyAust-1123]
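The mismatch described above, between the displayed sender name, the real sender domain and the reply-to domain, can be checked mechanically. The following is an added example, not MailGuard's code: the allow-list entry energyaustralia.com.au, the function names, the benign message and the message bodies are assumptions, while the From, Reply-To and Subject values are the ones quoted in this post.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand legitimately sends from (not stated in the post).
BRAND_DOMAINS = {"energy australia": {"energyaustralia.com.au"}}

def refang(text):
    """Convert the post's defanged notation into parseable addresses."""
    return text.replace("(at)", "@").replace("(dot)", ".")

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def under(domain, allowed):
    """True if domain equals, or is a subdomain of, any allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_headers(raw_message):
    """Return findings for brand/display-name and Reply-To domain mismatches."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not under(from_dom, allowed):
            findings.append(f"display name claims '{brand}' but sender domain is {from_dom}")
    # Flag a Reply-To that is neither the sender domain nor related to it.
    if reply_dom and not (under(reply_dom, {from_dom}) or under(from_dom, {reply_dom})):
        findings.append(f"Reply-To domain {reply_dom} differs from sender domain {from_dom}")
    return findings

# Headers as quoted in the post (defanged there); the body is constructed.
SAMPLE = refang(
    "From: Energy Australia <noreply(at)campaign(dot)Eventbrite(dot)com>\n"
    "Reply-To: info(at)buyritenaija(dot)com\n"
    "Subject: Refund available to be claimed, read more.\n\n"
    "Constructed body.\n"
)
# Constructed benign message for contrast.
BENIGN = "From: Energy Australia <billing@energyaustralia.com.au>\nSubject: Your bill\n\nConstructed body.\n"

if __name__ == "__main__":
    for finding in check_headers(SAMPLE):
        print("FLAG:", finding)
```

The subdomain comparison is a simple suffix match; a production filter would compare organisational domains using the Public Suffix List.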

Clicking the ‘Claim now’ link directs victims to the first phishing page, which states that ‘We have calculated your accumulated bills of 2022-2023 and found that you are eligible for a refund. Please note that this refund needs to be redeemed through our web app. Kindly visit our website and follow the instructions to claim your refund. Thank you and have a great day.’ The form on the page asks for your full name and email address.

While the page carries design elements familiar to an Energy Australia page, like its logo and colours, and links in the page footer, formatting issues like the duplicated logo and ‘NSW’ at the top of the page should be warning signs for customers thinking about continuing the process to claim their refund.

The page is also hosted on a domain that does not belong to Energy Australia, instead residing at ‘realbets(dot)anshuwap(dot)com/ci-sessions/well-known/Austria/default(dot)php’, belonging to a web hosting company in India.

[Image: phish-1-masked-EnergyAust-1123]

After submitting your information on the first page and clicking the green ‘Next’ button, you will be presented with a page requesting your payout method. The form asks for your credit card number, card expiry date and CVV.

[Image: phish-2-masked-EnergyAust-1123]

The final step in the process asks for the ‘One-Time Security Code’ that has been sent to your mobile device. In fact, that code is triggered by the scammers as they attempt to authorise a transaction with the credit card details that you have already supplied.

[Image: phish-3-masked-EnergyAust-1123]

Well-known and trusted brands like Energy Australia are frequent targets for spoofing and impersonation bill scams. With a large and loyal customer base, and offering a service that you can’t do without, they are a perfect subject for opportunistic scammers.

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.     

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  
