Massive Origin Energy scam email sent to a quarter of Australian businesses

SmartCompany, June 22, 2017

An estimated one in four Australian businesses have been sent a scam email purporting to be from Origin Energy this week, with experts labeling it one of the largest email attacks ever seen.

Tens of thousands of Australians started receiving the fraudulent messages around lunchtime yesterday, reports email security company MailGuard, with the attack continuing into the afternoon.

“Extrapolating out the volume we’ve seen, we conservatively estimate a quarter of businesses in Australia have received it, probably more,” MailGuard chief executive Craig McDonald told SmartCompany.

MailGuard has seen scams of this intensity in the past, but McDonald says the amount of emails sent in this case is “two to three times the normal amount and compressed into a short time frame”.

“They’re not just targeting business domain names either, they’re just sending it out to everyone. This a very broad attack.”

The scam is what McDonald describes as “well-executed”, masquerading as an energy bill from Origin with highly accurate branding and email formatting.

The email invites victims to view their bill online, but instead links to a website which then downloads a compressed file containing malware. If opened, the software installs itself on the computer and logs users’ data and keystrokes in an attempt to nab sensitive details such as credit card info or website logins.

One of the giveaways that the email is fraudulent is the sender’s address, noreply@globalenergy This domain is not associated with Origin energy, and was established in China 24 hours prior to the attack.

This large scale attack falls close to end of financial year, one of the busiest periods for SMEs, which McDonald believes increases the chance of time-poor employees or business owners clicking on the email.

MailGuard has seen a 400% increase in the number of fraudulent emails sent over the past two weeks, and in this week alone there have been three significant scam attempts picked up by the company.

“Cybercriminals have been inundating Australians with fraud emails this month, with the number of large-scale scam email attacks as high in one day as an average week,” McDonald says.

These attempts include an mail purporting to be from Energy Australia on Monday and another Origin Energy scam earlier this month. McDonald believes these attacks have deliberately coincided with the recent energy price increase announcements from both companies.

“A lot of social engineering goes into these attacks, and the correlation with the price increase announcements is the same idea. These scammers aim to trick users, and trickery is achieved by deception and distraction,” McDonald says.

“Criminals will be looking at any major announcements that get in the media, and they’re looking for anything that would help them be successful in their campaign.”

McDonald believes it’s time for businesses to acknowledge the scammers behind these attacks are “professionals”, and email attacks like these will only continue in both scale and complexity.

“It’s not about looking at the email’s grammar or spelling anymore, there’s an ever-increasing level of sophistication and attention to detail. This is how these scammers make a living,” he says.

“Protecting yourself is not as easy as it used to be.”

The most poignant advice McDonald can provide to SMEs is to “take your time”, recommending companies pick up the phone and give companies a call if any suspicious or unexpected bill lands in their inboxes.

Additionally, McDonald believes it’s time for business owners to get serious about educating themselves and staff.

“There’s always a human element to these things, and some staff or business owners will inevitably get tricked. It’s time for SMEs to get on top of that and get a basic understanding of these scams,” he says.

“Having antivirus isn’t enough anymore, because all it takes is one member of your staff to click on something and jeopardise your system.”

SmartCompany contacted Origin Energy but did not receive a response prior to publication.