The phishing attacks against Australian energy customers grew yesterday with Mailguard reporting an enormous number of phishing attempts made centered on fake Origin Energy bills.
The attack is one of the largest recorded by MailGuard despite the fact that it ran for only a short period. Mailguard estimates the attack began around noon and ran into the later afternoon. The attack follows a similar barrage of phishing emails sent to EnergyAustralia customers earlier this week.
Much like the earlier attack, the emails being sent to Origin Energy customers pose as a bill from Origin asking the recipient to click on what is in fact a malicious link that downloads malware that can steal private information and act as a keylogger. The malware installs itself to run when Windows starts up and implements an obfuscation process making it hard to detect.
“Given the scale, MailGuard conservatively estimates the email has been directed to a quarter of Australian companies – posing a risk to business systems if employees are convinced to click the malicious link. Given the nature of the scam, many consumers are also likely to be affected,” Mailguard told SC Media.
The phishing scam is well-crafted with the only obvious flaw being the return address, noreply@ globalenergy finance.com. As in the EnergyAustralia attack, this domain was registered one day earlier in China.