ARN

Fake of Origin steps up its game

Email scam capitalises on increases in electricity prices

Australian energy companies are becoming a favourite impersonation subject of cyber criminals, as a new wave of malware-ridden emails began to hit inboxes late yesterday.

Email filtering company MailGuard said that “a huge uptick in email-based fraud attempts has continued today with an enormous distribution of fake Origin Energy invoices containing malware”.

The company described the campaign as one of the largest it had ever seen and said it began at lunchtime and continued throughout the afternoon of 21 June.

A sample email from the campaign (Source: MailGuard)

MailGuard claims the email was directed to a quarter of Australian companies. It is the third such campaign impersonating an energy company in the last month.

“It comes as Origin and EnergyAustralia, attacked yesterday, both announced price increases, adding to the confusion of customers who received the email scam,” MailGuard CEO, Craig MacDonald, said in a statement.

“This malware delivery is the third major scam impersonating Origin Energy since May 10, suggesting that the networks behind the scam are having some success in duping victims, and are thus stepping up the volume.”

Like its predecessors, the email masquerades as an electricity bill from Origin Energy, MailGuard said. It described the scam as a well-executed attempt, with perfect formatting and convincing branding.

The email sent to an ARN inbox

At least one of these emails ended up in the inbox of an ARN journalist. The email was picked up by email filtering and ended up in the spam folder. On inspection, the email appears to bear the same characteristics as the emails described by the company.

The file contained in the email

“It poses a particular risk due to the scale and apparent legitimacy. Usually, fraud email attempts that achieve huge scale are let down by poorly-formatted, unconvincing content,” MacDonald said.

The file contained in the email


Further evidence that the scam comes from the same or an associated criminal group is the sending address: noreply @ globalenergy finance. com [altered]. Like similar campaigns, the domain for the sender was registered 24 hours earlier in China, MailGuard said.

Energy companies are not the only ones caught up in these scam attempts. MailGuard said ASIC, MYOB, Commonwealth Bank, Westpac, Telstra, Dropbox, and Suncorp have all been mimicked in recent email scams.