Mimecast’s principal technical consultant, Garrett O’Hara, said energy provider AGL is the latest brand to be impersonated in a scam in which legitimate-looking bills or overdue notices are sent out to household and business customers.
“The AGL scam that is circulating is another in a long string of phishing emails that use our trust in well-known brands to bypass our natural suspicion. The scammers are again using a brandjacking approach with social engineering in the form of fear of a service being terminated,” he said.
“This can be successful to get people to click their link and provide credit card information.”
AGL's general manager of technology service and risk, John Taylor, said the energy giant is aware of the hoax, and said the problem is “an industry-wide issue”.
“We have communicated about the hoax through our website and social media channels,” Mr Taylor said.
“Anyone who receives this email should avoid clicking on any links or content from the email, and delete it.”
Similar scams have impersonated a number of prominent Australian businesses, including utilities and telcos, with reported losses surpassing $4 million so far in 2018.
Mr Garrett warned that anyone receiving an invoice or threat of service disruption because of overdue accounts should never simply pay the amount without first checking that the notice is legitimate.
“When someone gets an email from any company related to a service payment or threats of service disruption that would be unpleasant, they should ignore any links within the email and go directly to the company’s website,” he explained.
“Log into [your] account as normal … any issues would be highlighted if they existed without the risk of malware or theft of credit card information.”
It comes after a Perth car dealership lost $65,000 to a sophisticated invoice scam purporting to be from one of its suppliers.
Dog lovers left heartbroken after puppy scam
While impersonating well-known companies with fake bills is one ongoing and high-profile scam doing the rounds in Australia, it is not the only one.
In WA, at least 28 people have lost a combined $51,000 so far this year after responding to ads for cute puppies seeking a new home.
Last year, 42 people lost some $88,000 to such scams.
The state’s commissioner of consumer protection, David Hillyard, said that bogus ads selling puppies, which pull at people’s heartstrings as a means of exploiting them for cash, have appeared on various websites, online trading platforms and social media.
When responding to the fake ads, people are told they need to pay up-front costs such as for transportation and shipping, quarantine clearances or other associated costs.
“The buyers fall in love with the images and believe the puppy is on its way, which leaves them vulnerable to pay whatever is demanded,” Mr Hillyard said.
“If you can’t verify the puppy is real or physically meet the seller, then don’t take a chance on losing your money – consider only dealing with local sellers and dog breeders.”
In a sign that business leaders should take note of, Mr Hillyard urged consumers to make online purchases through PayPal or with their credit card, rather than money transfers, given the increased likelihood of them getting their funds returned if a purchase does turn out to be a scam.
“Consumers need to be vigilant when responding to ads posted online and not pay any money until they check out the seller and make sure the offer is genuine,” he said.
“Check whether the sellers have a legitimate physical address, a landline and an Australian Business Number (ABN), plus look for online reviews.”
SMEs ‘primary targets’ for scammers
Both warnings come amid the federal government's Stay Smart Online Week, which aims to raise awareness of cyber security threats facing Australians from all walks of life. The campaign is being supported by AGL as well as a raft of other large businesses and organisations.
According to the Australian Cyber Security Centre (ACSC), almost half (43 per cent) of all cyber attacks in the country are directed specifically at SMEs, with losses averaging $10,000 for each business victim.
“When you realise 41 per cent of Australian businesses have no cyber security governance, it isn’t surprising they’re being targeted so specifically by cyber criminals. Australian businesses need to act fast and take their cyber security as seriously as other commercial risks,” Secureworks’ e-crime lead Alex Tilley said.