AGL phishing scam hits local inboxes

A new phishing email is hitting inboxes that impersonates energy company AGL and scams vulnerable people affected by recent storms and flooding into believing they could receive additional help with their bills.

The latest phishing scam has been identified by MailGuard and follows a similar scam seen in May.

In a LinkedIn post on Friday afternoon, MailGuard founder, Craig McDonald, said criminals behind the email – which contains dangerous ransomware – are cruelly praying on people who’ve suffered as a result of recent storms and flooding affecting parts of Australia.

Recipients who click on a link on the fake invoice risk having their PC – or entire system – held to ransom, said McDonald.

The phishing email has the subject line ‘My Monthly Bill', and is titled ‘AGL Paperless Invoice.’

“Those who click on the link are directed to a fake AGL website configured to serve malware with the potential to steal personal information such as log-in and password details from their PC,” McDonald said.

“The ‘captcha’ on the fake site works but doesn’t vary from one recipient to the next – it’s designed to instil a fake sense of security.”

AGL said in a statement that it will never send an email asking for personal banking or financial details.

“AGL advises recipients of any suspicious emails to run antivirus software and block the sender by adding to the junk folder list. AGL has reported the scam email to the Scamwatch, the Australian Competition Consumer Commission, and the Australian Federal Police.”

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Follow Byron Connolly on Twitter: @ByronConnolly