The emails are known to include links which, if clicked, can download a particularly nasty type of ‘ransomware’ known as CryptoLocker to your computer.
The fake EnergyAustralia emails do appear to be quite realistic, so you are urged to be cautious.
The fake emails currently include the salutation, ‘Dear Valued Customer’, and ask you to click on a link to view the details of your bill. If you receive this email, you should simply delete it.
EnergyAustralia points out that a legitimate email should include your name and account number.
EnergyAustralia has suggested anyone concerned should contact their customer service centre.
Stay Smart Online has warned previously about CryptoLocker. This appears to be a renewed campaign.
CryptoLocker is a type of ‘ransomware’ that encrypts the files on your computer and demands that a payment be made to the scammers in order to receive the ‘key’ to decrypt your files.
Unlike some previous ransomware campaigns we have seen in recent months (such as police ransomware) which only blocked access to your computer, CryptoLocker actually encrypts the files on your computer. Unfortunately, in the case of CryptoLocker, without the encryption key, it is impossible to regain access to your files.
Some phishing emails may include clues which indicate they are a scam. These include being unsolicited and unexpected, coming from an unknown sender, not addressing you by name, containing spelling errors or poor use of English, and containing links to unfamiliar destination addresses. Of course, while these clues might help your decision, they are not a guarantee.
You should trust your suspicions. If you receive a suspect email, do not reply to the message, open attachments or click on links. Your best option is to simply delete the message.
You can always navigate to the organisation’s website independently of links or details in the message and verify the information there.
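For mail administrators who want to apply the clues above automatically, the following added example (not part of the original alert) checks a message for the generic salutation, the missing customer name and account number, and links to unfamiliar destinations. The sample message, customer details and domains are constructed placeholders, and an empty result is not a guarantee that a message is genuine.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message; the sender, link and domains are placeholders.
SAMPLE = """\
From: Billing <billing@energy-bills.example>
To: pat@example.org
Subject: Your electricity bill

Dear Valued Customer,

Your bill is ready. Click here to view the details:
http://bill-view.example.net/view?id=123
"""

GENERIC_SALUTATION = re.compile(
    r"^dear\s+(valued\s+)?(customer|client|user)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def phishing_clues(raw, customer_name, account_number, trusted_domains):
    """Return the clues from the alert that apply to this raw message."""
    msg = message_from_string(raw)
    # Join all text parts; encoded (base64/quoted-printable) parts are not
    # decoded here, so decode them first in a real mail pipeline.
    body = "\n".join(str(p.get_payload()) for p in msg.walk()
                     if p.get_content_maintype() == "text")
    clues = []
    if GENERIC_SALUTATION.search(body):
        clues.append("generic_salutation")
    if customer_name.lower() not in body.lower():
        clues.append("no_customer_name")
    if account_number not in body:
        clues.append("no_account_number")
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # Trusted means the organisation's domain or one of its subdomains.
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            clues.append("unfamiliar_link:" + host)
    return clues

if __name__ == "__main__":
    # Hypothetical customer record and trusted domain for the constructed sample.
    for clue in phishing_clues(SAMPLE, "Pat Nguyen", "1234567890", {"energy.example"}):
        print(clue)
```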
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.