June 22, 2017: Origin Energy Fake Email Bill

A huge uptick in email-based fraud attempts has continued, with an enormous distribution of fake Origin Energy invoices containing malware.

The hoax email inundation, one of the largest ever seen, began at lunchtime Wednesday and continued until 4am today. Given the scale, we conservatively estimate the email has been directed to a quarter of Australian companies – posing a risk to business systems if employees are convinced to click the malicious link. Given the nature of the scam, many consumers are also likely to be affected.

The email masquerades as an electricity bill from Origin Energy. It’s a well-executed attempt, with perfect formatting and convincing branding.

It poses a particular risk due to the scale and apparent legitimacy. Usually, fraud email attempts that achieve huge scale are let down by poorly-formatted, unconvincing content.

One of the few indications it is not legitimate is the sending address: noreply@ globalenergy finance.com. The domain was registered 24 hours earlier in China.
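The two sender indicators described above (a brand name on a non-brand domain, and a domain registered just before sending) can be checked automatically. The following is an added example, not code from the original article; the legitimate domain `originenergy.com.au`, the 30-day threshold, the placeholder sender domain and the registration date are assumptions or constructed values.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumption: the brand's genuine sending domain(s); confirm against your own allowlist.
BRAND_DOMAINS = {"origin energy": {"originenergy.com.au"}}
NEW_DOMAIN_WINDOW = timedelta(days=30)  # assumed threshold for "newly registered"


def sender_findings(raw_message, registered_on):
    """Return reasons the From header looks like brand impersonation.

    registered_on maps domain -> registration datetime (from WHOIS/RDAP,
    looked up separately; constructed values are used below).
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        claims_brand = brand in display.lower()
        # Accept the brand domain itself and any subdomain of it.
        is_legit = any(domain == d or domain.endswith("." + d) for d in legit)
        if claims_brand and not is_legit:
            findings.append(f"display name claims '{brand}' but domain is {domain}")
    created = registered_on.get(domain)
    sent = parsedate_to_datetime(msg["Date"]) if msg["Date"] else None
    if created and sent and sent - created < NEW_DOMAIN_WINDOW:
        findings.append(f"{domain} registered {(sent - created).days} day(s) before sending")
    return findings


# Constructed samples: placeholder domain, not the address from the campaign.
FAKE = (
    "From: Origin Energy <noreply@energy-billing.example>\n"
    "Date: Wed, 21 Jun 2017 12:30:00 +1000\n"
    "Subject: Your electricity bill\n\nView bill\n"
)
REAL = FAKE.replace("energy-billing.example", "mail.originenergy.com.au")
WHOIS = {"energy-billing.example": datetime(2017, 6, 20, 2, 30, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for reason in sender_findings(FAKE, WHOIS):
        print("FLAG:", reason)
```

In a mail gateway the `registered_on` data would come from a WHOIS or RDAP lookup performed at delivery time.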

Cybercriminals have been inundating Australians with fraud emails this month, with the number of large-scale scam email attacks as high in one day as in an average week.

Companies being mimicked on a significant scale in recent times include ASIC, MYOB, EnergyAustralia, Commonwealth Bank, Westpac, Telstra, Click Energy, Dropbox and Suncorp.

Similar to the malicious file distributed in a new MYOB-impersonation scam yesterday, this type of malware:

  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Also implements a process that significantly delays the analysis task.

Here’s what appears when people click “View bill”:

It comes as Origin and EnergyAustralia, attacked yesterday, both announced price increases, adding to the confusion of customers who received the email scam.

This malware delivery is the third major scam impersonating Origin Energy since May 10 (links below), suggesting that the networks behind the scam are having some success in duping victims, and are thus stepping up the volume.