ARN

Malware-loaded scam email origin shifts again

More fake Origin emails hit inboxes

Aussie inboxes are once again being hit by dodgy, malware-laden emails purporting to be from energy company, Origin.

This is at least the fourth time Origin Energy has had its brand hijacked in a large-scale malware attack in the past two months, according to email filtering company, MailGuard, which identified the new exploit.

The domain behind the exploit was registered in Cyprus on 16 July, according to MailGuard, a slight departure from previous exploits hijacking the Origin brand, which saw sending domains set up in China.

As before, the fake emails are designed to trick people into clicking a link that downloads malicious software to their system.

The malicious email began distribution in large quantities at roughly 8.40AM on 17 July, and at the time of writing it was continuing to flood inboxes in “huge” numbers, according to MailGuard.

“Like the other scams leveraging Origin Energy in the past two months, today’s email is well-formatted and contains the energy company’s distinctive orange branding,” MailGuard CEO, Craig McDonald, said.

In a common method to avoid spam filters, the senders have varied the dollar figure and due date, according to MailGuard.

In some instances, however, the perpetrators have slipped up by including a due date that has already passed, which conflicts with this warning in the email text: ‘PS: Don’t forget to pay by the due date, or you may have to pay a $12 late payment fee’.

Sample email (MailGuard)

MailGuard suggested a number of things to watch out for to identify the fake email. These include the subject line, ‘Your Origin electricity bill’ and the display name, ‘OriginEnergy’.

Other giveaways are the display and sending address, ‘noreply @ energy2u . info’ [altered], and an orange button with the words ‘view bill’.

Clicking the link on the dodgy emails triggers the download of a .zip file that contains malicious JavaScript.

Fake Origin emails started hitting Aussie inboxes in May, with tens of thousands of the bogus emails hitting inboxes on 10 May, according to MailGuard.

This was followed by subsequent waves of fake Origin emails in early and mid-June.