A fresh wave of malicious, EnergyAustralia-branded emails has hit inboxes around the country, with the energy provider warning Australians to be on the lookout for the malware-loaded messages.
The phishing scam, which comes just one month after an earlier wave of fake EnergyAustralia-branded emails, hit inboxes, inviting recipients to check their bills online by clicking on a malicious link within the “view bill” button.
“Scam emails such as this one can appear very convincing and customers should take care with any email that requests them to click a link,” EnergyAustralia said in a statement.
EnergyAustralia has warned customers to be aware of the sender’s email address, with the energy provider always sending emails from noreply @billing.energyaustraliaonline.com.au.
MailGuard said that the latest wave of the EnergyAustralia-branded emails represents a particularly large influx.
According to the email filtering company, the messages started to hit mailboxes at 8:50AM on the morning of 25 July. The sending address is noreply @ syrenergy.com [altered], and the details vary for each email with different dates and payment amounts.
As with previous waves of fake EnergyAustralia-branded emails, the “view bill” button links to a .ZIP file containing malicious JavaScript.
MailGuard believes the malicious payload is aimed at delaying the analysis task, stealing private information from local internet browsers and installing itself for autorun at Windows start-up.
A spokesperson for the company said that the emails appeared well-formatted and quite sophisticated. In the case of at least one sample however, the veracity of the email was let down by the misspelling of July.
This is at least the second time this yearthat the energy provider's identity has been appropriated by a widely-distributed phishing scam with MailGuard warning of a similar attack in early June.
One of EnergyAustralia’s competitors, Origin Energy, has also felt the sting of phishing attacksfeaturing its branding, after two campaigns using the company’s name and logo hit in May and then in June.
Last week, Origin’s name was used once again in another large-scale malware attack.
EnergyAustralia is asking customers to forward fake emails to staysafe @energyaustralia.com.au, while scams can also be reported to the Australian Competition and Consumer Commission (ACCC).
EnergyAustralia has reported this latest hoax to the relevant authorities to investigate.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.