Life Tech Warning! That ‘Origin Energy bill’ aims to plant a spy in your computer
Updated:

Warning! That ‘Origin Energy bill’ aims to plant a spy in your computer

Origin Energy Scam
Tens of thousands of Australians have received an email with a scam intending to steal private information. Photo: Getty
Share
Tweet Share Reddit Pin EmailComment

Australians have been warned to delete a “seriously dangerous” phishing scam posing as an Origin Energy bill.

Tens of thousands of email inboxes were delivered fake bills loaded with malicious software on Wednesday, titled “Your Origin electricity bill”, with a due date of May 16.

It encourages users to look at their bill by clicking on a link in the email, but instead of redirecting recipients to the Origin website, it downloads malware designed to invade your computer and steal your usernames and passwords.

University of Canberra centre for internet safety expert Nigel Phair warned people to be wary.

“If you get the Origin Energy email and you click on the link that says ‘pay my bill’, what that does is download some malicious software which are in fact ‘keystroke loggers’,” he told The New Daily.

“The keystroke logger does as it says, it logs every keystroke, capturing you typing your bank account login or any other login details they can repeat elsewhere … it’s seriously dangerous.”

The scam originates from a fake domain, originenergysolar.net, and looks almost identical to an Origin Energy email, Mailguard found.

Origin Energy scam
The fake Origin Energy email sent to more than 100,000 Australians. Photo: Mailguard

And while the email doesn’t ask for any private details, hackers can watch your every move after just one click, Mr Phair said.

The fake bill even links to the real Origin Energy website’s privacy page, including a line addressing privacy concerns.

“These criminals are actually pretty smart people and they’ll tinker it and tailor it until they find the recipe for success,” Mr Phair said.

‘Phishing scammers attack your trust’

Cybercriminals target a recipients’ trust in companies to catch people off guard, according to experts.

And you don’t even have to be a customer of the company to fall for these “plausible” scams.

“The thing about phishing is all about attacking trusted brands. All of the successful scams target your trust – Australia Post, Australian Federal Police, speeding fines, all things that look plausible,” Mr Phair said.

fake aus post
Phishing scammers have used fake Australia Post emails in the past.

Prominent computer hacking investigator Simon Smith echoed that statement, saying people’s trust in online billing is also easily used against recipients.

“People speed through paying their bills and don’t really pay attention and obviously it’s coming from a source that isn’t Origin Energy and they aren’t looking at the exact hyperlinks behind it,” Mr Smith told The New Daily.

How to prevent

There are a number of ways to prevent being caught out by these malicious scams, including buying reputable anti-virus software.

But the most recommended, and cheapest option, from experts is to think before clicking.

“People need to use real-world sensibilities when online … If it’s too good to be true, it probably is,” Mr Phair said.

Mr Smith added: “People really need to pay attention to what they are clicking on and listen to the warning from their browser.

“The bottom line is you should never click any kind of script or file from an email that comes from anybody you don’t trust.”

Origin issued a statement via social media on Wednesday warning of the scam targeting its customers.

“If you get an email that seems to be from Origin, but you’re unsure about it, close it and call us. Please don’t forward the email or click on any links, as it may contain a virus or some other nasty that could do your computer harm,” the statement read.

“We’ll always send you an overdue notice and a disconnection warning. And we’ll do everything we can to reach you before we resort to disconnection.”

Comments
View Comments