As if paying electricity bills didn’t hurt our wallets enough, a new scam has set out to take even more of our money.
According to Fairfax, around 10,000 Australians have been targeted by the cunning email bill scheme, and it could potentially rort millions from people just like you and me.
This week an email was sent out purporting to be from AGL. It looks every bit like a legitimate electricity bill and it prompts you, like many real bills, to download the document.
This is where the scammers get you – at this point the download saves as a .zip file on the computer. When extracted it locks the machine down using malware known as “ransomware” and the user is prompted to pay $880 to unlock it.
Raymond Schippers, a senior analyst at global cybersecurity firm Check Point, told SMH that an analysis of the malware website by Check Point found at least 10,000 people had actually gone to the end of the download process, and were “very likely to have been infected”, while “many more” could have been affected.
The website used URLs such as “checkyourbills.com” or “electricitybill.com” and would look legitimate to “most users”, he said.
But if you’ve not yet clicked into a suspicious-looking email, here’s how to know if it’s a fake:
- The fake AGL email will ask you to open it on a Windows computer only
- The attached file is .zip – a company will typically send a bill in .pdf format
- The website it redirects you to is not AGL’s website, or if it is, it has strange letters or numbers in the URL.
Energy company AGL says it’s aware of the scam that “contains malicious malware [and] has potential to access personal information”.
In a statement, AGL said it had reported the scam to the Australian Federal Police, the government’s Scamwatch website, and to the ACCC.
“The scam email presents as an e-Account and asks readers to click on a link,” the statement said. “AGL advises it will never send an email asking for personal banking or financial details.
“Anyone receiving a suspicious email should delete it immediately or, if opened, not click on any links within the email. Anyone with concerns relating to this scam email should call AGL on 131 245 or contact Scamwatch on 1300 795 995”.