SMEs are being warned of a “nasty” phishing attempt that hit tens of thousands of email inboxes on Wednesday, arriving in the form of a fake invoice from service provider Origin Energy.
The email was detected by email filtering software company MailGuard, which says the “nasty” email scam appears as a legitimate-looking bill notice for Origin Energy customers, advising of an amount due and inviting users to click through the email to view the bill. The email is dated May 16, and originates from a fake Origin email address, originenergysolar.net.
Upon clicking the link, users are directed to a compromised Microsoft SharePoint account and served malicious software in the form of a malware “payload”. This malware is then downloaded and infects users’ computers.
Michael McKinnon, a cyber security expert at Sense of Security, tells SmartCompany these attacks often involve a small application that computers do not view as malicious. It is then used to deliver malware payloads to unsuspecting users.
“This application gets installed and it doesn’t appear malicious, but once it’s installed it goes and fetches the malicious bits,” he says.
“In this situation there’s a bit of code on a webpage which isn’t being detected as malicious, but it’s implicated in the act of downloading malware.”
The malware in question in this phishing attempt is a keylogger, a relatively common form of malware that sits on users’ computers and records all keystrokes entered, in the hope of recording passwords or bank details for fraudulent use.
Some phishing attempts ask users to log into accounts via fake sign-in pages, attempting to gain access to bank accounts in order to drain funds.
McKinnon believes this scam has the potential to capture people who are curious about where the bill has come from.
“This might snare people who aren’t Origin Energy customers who get curious and click on the bill to see what it is. The next thing they know they’ve got malware on their system,” he says.
Unlike ransomware attacks, which can lock down computers and demand payment once installed, keyloggers typically run quietly in the background undetected. Due to this, they are able to be flushed out by antivirus software, says McKinnon.
“This shows how it’s really important for people to use some form of antivirus, as it will have a reasonable chance of picking it up,” he says.
If users believe they have been affected by this scam, McKinnon recommends running an antivirus system scan, as the effect of the software isn’t always “immediate”.
Primarily, McKinnon advises Origin Energy customers to always pay bills through the company’s legitimate website, and for non-customers to just delete the email immediately, and “never click out of curiosity”.
In a statement to SmartCompany, an Origin Energy spokesperson said the company is finding more examples of “sophisticated” scams, and recommends customers think about the last time they paid their bills.
“We’re doing what we can to inform our customers and communities about how to spot fake bills, and what to do if they’ve received one,” the spokesperson said.
“We’re asking customers to consider when they last paid their account and to look closely at the sender, contact details and any links contained in the email.”
“If these don’t seem right, customers should not click any links, and instead delete the email and report it to the ACCC’s Scamwatch service.”