Origin Energy scam email targets Australian’s with fake bill

Thousands of Australians have been targeted by a fake Origin Energy email containing dangerous malware designed to infect the user’s system.

The bogus emails started hitting inboxes at 8.30am on 10 May, according to enterprise email security provider, MailGuard.

The email, which MailGuard describes as “well-cratfed”, features Origin Energy branding, and employs the subject heading, “You Origin Electricity bill”, and is dated 16 May.

The amount due figure varies between individual scam emails, a tactic used to help it evade traditional antivirus software.

Another tactic employed by the cybercriminals behind the scam to further trick recipients into thinking the email is the real deal, is the inclusion of a line addressing privacy concerns that links to the real Origin Energy site.

If email recipients click on the “View bill” button, they are directed to a replica Origin Energy website, which links to a malware payload, which comes in the form of a JavaScript dropper, according to MailGuard.

The malware, which is hosted on a compromised Microsoft SharePoint account, is designed to install malicious files, such as keyloggers and other spyware, on the recipients’ systems.

Here is an example of what the fake bill looks like.

The amount due has been reported to vary between emails.

The scam email originates from a fake domain — originenergysolar.net — registered in China just days ago. It was sent from servers located in France.