Fake Energy Australia Email Infected with Malware

A fresh malware-dropping email scam hit inboxes this week, targeting Energy Australia customers.

The email is well-designed and very similar to an original, appearing to be an invoice from the company asking recipients to pay a significant amount, around $500-700. However, instead of trying to get users’ banking details or scam funds from recipients, the cyber-criminals attempted to drop malware onto users’ systems.

On clicking the “view bill” button, users are directed to a fake Energy Australia website, which was reportedly registered especially for this scam and looks relatively similar to the actual Energy Australia website. The fake website is ‘energyau[dot]com’, whereas the real website is energyaustralia[dot]com.au.

Once the user reaches the website, a fake bill is downloaded to their computer as a zip file, which contains a malicious JavaScript file, or malware. The exact intention of the malware is unknown, but it could be used for anything from logging users’ keystrokes to stealing and locking up data.

In a statement, Energy Australia warned its customers to be vigilant with email scams like this one, with a spokesperson saying such emails “can appear very convincing and customers should take care with any email that requests them to click a link”.

“One indicator of potential scam emails is the sender. EnergyAustralia’s electronic bills to residential customers are sent from noreply@billing.energyaustraliaonline.com.au. If you receive an email from a different address that says it relates to your EnergyAustralia bill, please do not open it or click any links it contains,” the spokesperson said.

The company also advised users to report the fake email to the Australian Competition and Consumer Commission’s ScamWatch, and then delete the email from their inbox.
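The two indicators described above, the sender address and the link domain, can be checked mechanically when triaging a reported message. The following Python sketch is an added example, not code from Energy Australia or the original article; the sample email and its sender address are constructed and kept defanged, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Values stated on the page: the sender of genuine residential e-bills
# and the company's real website domain.
OFFICIAL_SENDER = "noreply@billing.energyaustraliaonline.com.au"
OFFICIAL_WEB_DOMAIN = "energyaustralia.com.au"

def host_is_official(host):
    """True only for the real domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == OFFICIAL_WEB_DOMAIN or host.endswith("." + OFFICIAL_WEB_DOMAIN)

def triage(raw_email):
    """Return findings for one message; accepts defanged ([dot]) samples."""
    msg = message_from_string(raw_email.replace("[dot]", "."))
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != OFFICIAL_SENDER:
        findings.append("sender is not the official billing address")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", text):
            host = urlsplit(url).hostname or ""
            if not host_is_official(host):
                findings.append("link leaves the official domain: "
                                + host.replace(".", "[dot]"))
    return findings

# Constructed sample (not the real scam email), kept defanged as on the page.
# The sender address is invented for illustration.
SAMPLE = """\
From: Energy Australia <bills@energyau[dot]com>
To: customer@example.com
Subject: Your electricity bill
Content-Type: text/html; charset=utf-8

<p>Amount due: $612.40</p>
<a href="http://energyau[dot]com/bill">View bill</a>
<a href="https://www.energyaustralia.com.au/help">Help</a>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

An empty result does not prove a message is genuine, because the From header can be forged; the sender check is one indicator, as the spokesperson put it.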
