The Federal Department of Communications has warned small business owners to be vigilant following the discovery of a new scam involving fake electricity or gas bills.
The scam involves fake bills purporting to be from EnergyAustralia which do not include a customer name or number, and are instead addressed with the generic line “Dear Valued Customer”.
The emails also include a link to a malicious website, which is not controlled by EnergyAustralia, but includes many of the key details usually associated with an online billing site including an account number, billing period, due date and instructions for payment.
A variation of the scam automatically downloads a malicious malware program, known as CryptoLocker.
Upon installation, CryptoLocker encrypts key files on a computer, including work documents, photos, videos and music, then displays a countdown clock claiming users have 72 hours to pay a ransom or else their files will be deleted.
According to the ACCC’s SCAMWatch website, CryptoLocker affects systems running Microsoft Windows, including Windows 7, XP and Vista.
Antivirus software can remove the malware after an infection. However, since files are encrypted, the only way to restore them.
In a statement, an EnergyAustralia spokesperson told SmartCompany small businesses should be cautious if they receive any unexpected emails from the company.
“The [scam] letter contains a number of errors and does not include a customer’s name or account number,” the spokesperson said.
“EnergyAustralia is warning people who receive the emails to delete it immediately or report the scam activity to our customer service centre 133 466; the ACCC Infocentre on 1300 302 502 or a state or territory fair trading authority.
“EnergyAustralia takes scam activity seriously and has reported this latest hoax to the relevant authorities to investigate.”
Meanwhile, technology expert Paul Wallbank told SmartCompany the easiest way to avoid getting caught is to avoid any suspicious bills or emails.
However, a change to the computer settings of users can also help prevent malware being loaded.
“The important things are to have an up-to-date virus checker and to log into your computer as a limited user rather than as an administrator,” Wallbank says.
“Unfortunately a lot of Windows users have their accounts set up with full administrator privileges, when only limited privileges are needed. So just using the limited privileges would be my advice for businesses.
“It’s not just CryptoLocker it stops – it also stops a whole range of problems caused by systems settings being accidentally changed. And the good news is you can do it on a Mac, too.”
This story first appeared on SmartCompany.