Australians hit by phishing emails posing as EnergyAustralia

25

A large number of malicious emails posing as a bill from EnergyAustralia is hitting Australians, according to a report by Mailguard.

The email is a precise copy of a real EnergyAustralia bill, with the message noting the bill is due in just a few days. However, the sender is not looking for money, but attempts to trick the recipient into downloading a malware-laden Zip file that contains malicious JavaScript. The sending email address domain was just created and registered in China on June 18 with spam distribution beginning on the morning of June 19.

The attackers were clever enough to make sure each email is unique, with a different about of money owed and different due date. This level of randomization helps defeat antivirus software, MailGuard said.