EnergyAustralia has become the second local energy provider caught up in a major email phishing scam after a “large volume” of malicious emails recently began hitting Australian inboxes, according to email security company MailGuard.
The Melbourne-based company said the realistic-looking email masquerades as an invoice from the energy company, advising customers that the invoice is due in the coming days.
“The due date and amount owing are randomised so that each recipient gets a unique bill,” MailGuard said in a blog post. “This is a tactic by the cybercriminals to avoid detection.”
The sending email address is noreply @ energy agent.net [spaces added], which uses a domain registered in China on 19 June. MailGuard said distribution began at 9.39am on 20 June.
Earlier this month, EnergyAustralia warned customers to be wary of scam emails, and the company addressed the current spate of emails in a post on its website on 20 June:
EnergyAustralia customers should be aware of a new email scam.
The hoax email invites customers to view their bill online but the ‘View bill’ link is malicious.
Scam emails such as this one can appear very convincing and customers should take care with any email that requests them to click a link.
One indicator of potential scam emails is the sender. EnergyAustralia’s electronic bills to residential customers are sent from firstname.lastname@example.org. If you receive an email from a different address that says it relates to your EnergyAustralia bill, please do not open it or click any links it contains.
If you receive a fake EnergyAustralia email, you can report it to EnergyAustralia by forwarding the email to email@example.com. Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else.
Once you’ve sent the hoax email to firstname.lastname@example.org, delete it from your inbox immediately. Then empty your Deleted Items folder.
Scam activity can also be reported to the ACCC Infocentre on 1300 302 502 or a state or territory fair trading authority.
If at any time you are concerned you have provided credit card or banking details to a potential scammer, please also alert your financial institution.
One of EnergyAustralia’s competitors, Origin Energy, has also felt the sting of phishing attacks after two campaigns using the company’s name and branding hit in May and then in June.
The Australian Competition and Consumer Commission (ACCC) recently released its Scamwatch findings, which showed more than 15,000 reports had been filed in the past six months, with over $615,000 lost from more than 2,300 reported incidents.
The scams mainly targeted Queensland ($200,000 lost), Victoria ($197,000 lost) and New South Wales ($147,000 lost), and individuals over the age of 55 suffered most, losing more than $380,000 since January.
Cyber criminals struck predominantly through mobile phones, email and internet, accounting for losses of $255,000, $190,000 and $114,000 respectively.