Australians have been warned to delete a “seriously dangerous” phishing email posing as an Origin Energy bill.
Fake bills loaded with malicious software, titled “Your Origin electricity bill” and showing a due date of May 16, were delivered to tens of thousands of email inboxes on Wednesday.
The email encourages recipients to view their bill by clicking a link, but instead of redirecting them to the Origin website, the link downloads malware designed to invade your computer and steal your usernames and passwords.
Nigel Phair, an expert at the University of Canberra's Centre for Internet Safety, warned people to be wary.
“If you get the Origin Energy email and you click on the link that says ‘pay my bill’, what that does is download some malicious software which are in fact ‘keystroke loggers’,” he told The New Daily.
“The keystroke logger does as it says, it logs every keystroke, capturing you typing your bank account login or any other login details they can repeat elsewhere … it’s seriously dangerous.”
The scam email originates from a fake domain, originenergysolar.net, and looks almost identical to a genuine Origin Energy email, MailGuard found.
And while the email doesn’t ask for any private details, hackers can watch your every move after just one click, Mr Phair said.
The fake bill even links to the real Origin Energy website’s privacy page, including a line addressing privacy concerns.
“These criminals are actually pretty smart people and they’ll tinker it and tailor it until they find the recipe for success,” Mr Phair said.
‘Phishing scammers attack your trust’
Cybercriminals target recipients’ trust in companies to catch people off guard, according to experts.
And you don’t even have to be a customer of the company to fall for these “plausible” scams.
“The thing about phishing is all about attacking trusted brands. All of the successful scams target your trust – Australia Post, Australian Federal Police, speeding fines, all things that look plausible,” Mr Phair said.
Prominent computer hacking investigator Simon Smith echoed that statement, saying people’s trust in online billing is also easily used against them.
“People speed through paying their bills and don’t really pay attention and obviously it’s coming from a source that isn’t Origin Energy and they aren’t looking at the exact hyperlinks behind it,” Mr Smith told The New Daily.
How to prevent
There are a number of ways to prevent being caught out by these malicious scams, including buying reputable anti-virus software.
But the option experts recommend most, which is also the cheapest, is to think before clicking.
“People need to use real-world sensibilities when online … If it’s too good to be true, it probably is,” Mr Phair said.
Mr Smith added: “People really need to pay attention to what they are clicking on and listen to the warning from their browser.
“The bottom line is you should never click any kind of script or file from an email that comes from anybody you don’t trust.”
Origin issued a statement via social media on Wednesday warning of the scam targeting its customers.
There's a current email scam claiming to contain an Origin bill. How to tell a scam email from a real Origin message https://t.co/2RGZv6URk6
— Origin (@originenergy) May 10, 2017
“If you get an email that seems to be from Origin, but you’re unsure about it, close it and call us. Please don’t forward the email or click on any links, as it may contain a virus or some other nasty that could do your computer harm,” the statement read.
“We’ll always send you an overdue notice and a disconnection warning. And we’ll do everything we can to reach you before we resort to disconnection.”