Fake Origin Energy bill targeted Aussies; security firm warns against scams
Aussies were targeted by a fake Origin Energy bill loaded with malware on Wednesday. The hoax, which has been sent through email, had a direct link to a malware payload in the form of a JavaScript dropper and installs files, such as keyloggers.
The subject line "Your Origin electricity bill" was used in the emails and asked for various amount ranging from $300 to $800 due on May 16. The emails appeared legit as it even included an Origin Energy's real privacy page that provided tips to customers in preventing scams.
The scam was spotted by endpoint security firm Mailguard. According to the firm, tens of thousands of emails that originated from a fake domain were distributed on Monday morning. It has learned that the fake domain, originenergysolar.net, was registered in China. The malware is hosted on a compromised SharePoint account and was delivered from a French server.
MailGuard CEO Craig McDonald has warned that bill hoaxes are on the rise. He said well-known and trusted entities such as Telstra, FedEx, Google, Australia Post and the Australian Government's myGov website are being impersonated by cyber criminals in carrying out targeted attacks, Sydney Morning Herald reported. He explained that the reason behind this strategy is that scammers think that by impersonating brands people are dealing with everyday, there is a better chance they will click the link to see how much money they supposedly owe or check the parcel they may have ordered.
Australian Competition and Consumer Commission deputy chair Delia Rickard has supported McDonald’s statement, noting there has been 136 reports of utility-bill scams since the start of the year. She revealed that most scams try to have victims pay false billing. They usually ask for personal details and may or may not download malware onto the victims’ computers.
Based on scam statistics from ACCC, there were 14,634 reports of false billing last year, and Australians have lost $659,835 to these scams. The most successful hoax method found was through emails and people aged 25 to 34 lose the most of money.
Origin has reacted about its name being used by fraudsters, saying scammers often used legitimate companies to trick people. “Some scam emails try to get you to click on links that launch nasty viruses, ready to invade your computer, and the computer of everyone you email, to delete or lock your files,” the electricity and gas company said per CRN.
Read more: Abortion still a crime in NSW as reform bill fails
Aldi’s biggest sale in Australia starts on May 20
ABC Action News/YouTube