Fake of Origin steps up its game

Fake of Origin steps up its game

Email scam capitalises on increases in electricity prices

Australian energy companies are becoming a favourite impersonation subject of cyber criminals, as a new wave of malware-ridden emails began to hit inboxes late yesterday.

Email filtering company, MailGuard, said it noted “a huge uptick in email-based fraud attempts has continued today with an enormous distribution of fake Origin Energy invoices containing malware”.

The company described the campaign as one of the largest it had ever seen and said it began at lunchtime and continued throughout the afternoon of 21 June.

A sample email from the campaign (Source: MailGuard)
A sample email from the campaign (Source: MailGuard)

It claims the email was directed to a quarter of Australian companies. It is the third such campaign impersonating an energy company in the last month.

“It comes as Origin and EnergyAustralia, attacked yesterday, both announced price increases, adding to the confusion of customers who received the email scam,” MailGuard CEO, Craig MacDonald, said in a statement.

“This malware delivery is the third major scam impersonating Origin Energy since May 10, suggesting that the networks behind the scam are having some success in duping victims, and are thus stepping up the volume.”

Like its predecessors, the email masquerades as an electricity bill from Origin Energy, MailGuard said. It described the scam as a well-executed attempt, with perfect formatting and convincing branding.

The email sent to an ARN inbox
The email sent to an ARN inbox

At least one of these emails ended up in the in the inbox of an ARN journalist. The email was picked up by email filtering and ended up in the spam folder. On inspection the email appears to bear the same characteristics as the emails described by the company.

The file contained in the email
The file contained in the email

“It poses a particular risk due to the scale and apparent legitimacy. Usually, fraud email attempts that achieve huge scale are let down by poorly-formatted, unconvincing content,” MacDonald said.

The file contained in the email
The file contained in the email

Further evidence that the scam comes from the same or an associated criminal group is the sending address: noreply @ globalenergy finance. com [altered]. Like similar campaigns, the domain for the sender was registered 24 hours earlier in China, MailGuard said.

Energy companies are not the only ones caught up in these scam attempts, MailGuard said ASIC, MYOB, Commonwealth Bank, Westpac, Telstra, Dropbox, and Suncorp have all been mimicked in recent email scams.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareemailscamOriginOrigin Energyphishing attack



Join key decision-makers within Environmental, Social, and Governance (ESG) that have the power to affect real change and drive sustainable practices. SustainTech will bridge the gap between ambition and tangible action, promoting strategies that attendees can use in their day-to-day operations within their business.

EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments