Fake Origin Energy email scam orders up sneaky malware

Fake email directs to clone site loaded with malware

Australians are being warned to ignore a convincing but fake email-borne Origin Energy electricity bill that has been doing the rounds since 10 May.

Tens of thousands of the bogus emails started hitting inboxes at 8.30am on 10 May, according to enterprise email security provider MailGuard.

The email, which MailGuard describes as “well-crafted”, features Origin Energy branding, uses the subject heading “You Origin Electricity bill”, and is dated 16 May.

The amount due figure varies between individual scam emails, a tactic used to help the emails evade traditional antivirus software.

Another tactic the cybercriminals behind the scam use to convince recipients that the email is the real deal is the inclusion of a line addressing privacy concerns that links to the real Origin Energy site.

If email recipients click on the “View bill” button, they are directed to a replica Origin Energy website that links to a malware payload in the form of a JavaScript dropper, according to MailGuard.

The malware, which is hosted on a compromised Microsoft SharePoint account, is designed to install malicious files, such as keyloggers and other spyware, on the recipients’ systems.

An example of the fake email - (MailGuard)

“The scam email originates from a fake domain – originenergysolar.net – registered in China just days ago. It was sent from servers located in France,” MailGuard said in a blog post. “Those behind it have gone to considerable lengths to trick victims.”
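A mail-filter check for the two lures described above, the brand-embedding sender domain and the genuine privacy link placed beside an off-brand "View bill" link, written as an added example that is not MailGuard's or Origin Energy's code. The allowlisted domain `originenergy.com.au`, the brand token, the function names and the sample message (including its placeholder bill-link host) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the defender's allowlist of domains the real brand sends from.
BRAND_DOMAINS = {"originenergy.com.au"}
BRAND_TOKEN = "originenergy"  # brand string a lookalike domain is likely to embed

def on_brand(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def audit(raw):
    """Return a list of (finding, detail) tuples for one raw single-part message."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Sender embeds the brand name but is not a domain the brand actually uses.
    if not on_brand(sender) and BRAND_TOKEN in sender.replace("-", ""):
        findings.append(("lookalike-sender", sender))
    body = msg.get_payload()
    hosts = [urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', body)]
    off = sorted({h for h in hosts if h and not on_brand(h)})
    # Genuine brand links mixed with off-brand ones: borrowed trust for the lure.
    if off and any(on_brand(h) for h in hosts):
        findings.append(("mixed-links", tuple(off)))
    return findings

# Constructed sample, not the real message; the bill-link host is a placeholder.
SAMPLE = """From: Origin Energy <noreply@originenergysolar.net>
Subject: You Origin Electricity bill
Content-Type: text/html

<a href="https://bill-host.example.invalid/view">View bill</a>
<a href="https://www.originenergy.com.au/privacy.html">Privacy</a>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because the amount due varies per message, checks like these key on the sender domain and link structure rather than on body content.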

The ploy bears some similarities to another email-instigated scam picked up by MailGuard last month.

According to the enterprise email security provider, the scam began with a phishing email ostensibly from the Federal Government’s my.Gov.au site, telling the recipient to visit the site to verify their identity.

Recipients who clicked on a link in the email were taken to a replica of the real myGov site – a “near-perfect” clone of the centralised government services website, according to MailGuard.

Once victims were directed to the fake site, they were prompted to enter their credit card details. Once this was done, they were redirected to the genuine myGov website, in a bid to cover up the deception.

