EnergyAustralia brand hijacked again in fresh malware wave

EnergyAustralia brand hijacked again in fresh malware wave

Energy provider warns Australians to be on the lookout for the malware-loaded messages

A fresh wave of malicious, EnergyAustralia-branded emails has hit inboxes around the country, with the energy provider warning Australians to be on the lookout for the malware-loaded messages.

The phishing scam, which comes just one month after an earlier wave of fake EnergyAustralia-branded emails, hit inboxes, inviting recipients to check their bills online by clicking on a malicious link within the “view bill” button.

“Scam emails such as this one can appear very convincing and customers should take care with any email that requests them to click a link,” EnergyAustralia said in a statement.

EnergyAustralia has warned customers to be aware of the sender’s email address, with the energy provider always sending emails from noreply

MailGuard said that the latest wave of the EnergyAustralia-branded emails represents a particularly large influx. 

According to the email filtering company, the messages started to hit mailboxes at 8:50AM on the morning of 25 July. The sending address is noreply @ [altered], and the details vary for each email with different dates and payment amounts.

Sample email from the campaign (Source: MailGuard)
Sample email from the campaign (Source: MailGuard)

As with previous waves of fake EnergyAustralia-branded emails, the “view bill” button links to a .ZIP file containing malicious JavaScript.

MailGuard believes the malicious payload is aimed at delaying the analysis task, stealing private information from local internet browsers and installing itself for autorun at Windows start-up.

A spokesperson for the company said that the emails appeared well-formatted and quite sophisticated. In the case of at least one sample however, the veracity of the email was let down by the misspelling of July.

This is at least the second time this yearthat the energy provider's identity has been appropriated by a widely-distributed phishing scam with MailGuard warning of a similar attack in early June.

One of EnergyAustralia’s competitors, Origin Energy, has also felt the sting of phishing attacksfeaturing its branding, after two campaigns using the company’s name and logo hit in May and then in June.

Last week, Origin’s name was used once again in another large-scale malware attack.

EnergyAustralia is asking customers to forward fake emails to staysafe, while scams can also be reported to the Australian Competition and Consumer Commission (ACCC).

EnergyAustralia has reported this latest hoax to the relevant authorities to investigate.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaremailguardEnergyAustraliaemail attack

More about Australian Competition and Consumer CommissionEnergyAustraliaOriginOrigin Energy

Show Comments