Malware-loaded scam email origin shifts again

Malware-loaded scam email origin shifts again

More fake Origin emails hit inboxes

Aussie inboxes are once again being hit by dodgy, malware-laden emails purporting to be from energy company, Origin.

This is at least the fourth time Origin Energy has had its brand hijacked in a large-scale malware attack in the past two months, according to email filtering company, MailGuard, which identified the new exploit.

The domain behind the exploit was registered in Cyprus on 16 July, according to MailGuard, a slight departure from previous exploits using the hijacking Origin brand, which were saw sending domains set up in China.

As before, the fake emails are designed to trick people into clicking a link that downloads malicious software to their system.

The malicious email began distribution in large quantities at roughly 8.40AM on 17 July, and at the time of writing it was continuing to flood inboxes in “huge” numbers, according to MailGuard.

“Like the other scams leveraging Origin Energy in the past two months, today’s email is well-formatted and contains the energy company’s distinctive orange branding,” MailGuard CEO, Craig McDonald, said.

In a common method to avoid spam filters, the senders have varied the dollar figure and due date, according to MailGuard.

In some instances, however, the perpetrators have slipped up by including a due date that has already passed, which conflicts with this warning in the email text: ‘PS: Don’t forget to pay by the due date, or you may have to pay a $12 late payment fee’.

Sample email (MailGuard)
Sample email (MailGuard)

MailGuard suggested a number of things to watch out for to identify the fake email. These  include the subject line, ‘Your Origin electricity bill’ and the display name, ‘OriginEnergy’.

Other giveaways are the display and sending address, ‘noreply @ energy2u . info [altered] and an orange button with the words ‘view bill’.

Clicking the link on the dodgy emails triggers the download of a .zip file that contains malicious JavaScript.

Fake Origin emails started hitting Aussie inboxes in May, with tens of thousands of the bogus emails hitting inboxes on 10 May, according to MailGuard.

This was followed by subsequent waves of fake Origin emails in early and mid-June

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwarespammailguardOrigin


EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments