October 12, 2018: New email scam alert: Fake AGL Electricty bill

Don’t be fooled if you receive an email citing an electricity bill from AGL – you may end up paying more than just the bill.

Having forged AGL’s logo and credentials, cybercriminals are sending out emails titled ‘AGL electricity bill’ to inboxes. The email informs recipients that they have received a summary of their latest electricity bill from ‘AGL Energy’ and contains multiple links within its body. All links lead to a legitimate AGL page, except for

Unsuspecting recipients who click on the ‘Download bill (PDF)’ button in the email are led to a compromised WordPress website which then redirects to another compromised site. Recipients are then receiving a prompt to download a ZIP file, containing a malicious payload. The email actually comes from one of a large number of compromised WordPress websites that are linked to in the email.

Don’t get scammed.
Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we’re all capable of making bad judgement calls.