
Energy Bill Scam Locks Computer Files

Posted by: FraudWatch International | Date: Jun 29, 2016 | Category: Industry News, Malware

Most people in Australia would have heard about the recent email scam doing the rounds, purporting to be from a well-known energy company.

The email prompted the recipient to click on a link to download a copy of their bill. Instead of downloading an invoice, however, the victims actually downloaded a virus (in the form of a .zip file) that, once extracted, installed malware to log everything typed on their computer keyboard.

The malware, known as ‘Ransomware’, also encrypted the files on their computer, making them inaccessible. The recipient was then prompted to pay $US640 ($A880) to unlock them. Even if the ransom is paid, the malware will continue to monitor the computer, recording keystrokes and mouse movements.

 


Figure 1: A ransom screen seen by those who download the infected .zip file

This destructive email scam successfully targeted at least 10,000 Australians in the week it was detected.

The fake energy bill email also gained access to companies across Australia. Users installed the file at work, where it caused widespread damage by gaining access to legitimate corporate emails, which could then be used to send the scam to a wider audience.

Once ransomware such as TorrentLocker or CryptoLocker has been downloaded onto your computer, the only way to get rid of it is to restore from a backup or to wipe the computer and start over again. While big companies usually have the facilities to restore lost files from a backup, many home users aren’t so lucky.

In the recent energy bill scam, victims were directed to use URLs such as “checkyourbills.com” or “electricitybill.com” which would seem legitimate to most users. However, there were several things that could have indicated that the email was fake.

How to recognise a scam email

  • If you attempt to open a link on your iPhone or on a Mac computer and you get an error message telling you to use a Windows computer instead, be suspicious. These days, all websites from all Australian utility companies work on smartphones.
  • The file type of the attachment is another indication that it’s not a real bill. Bills are not generally sent as .zip files; they are usually sent as .pdf or something similar.
  • Australian utility companies will never send an email asking for personal banking or financial details. Anyone who has received a suspicious email should delete it immediately or, if opened, not click on any links contained within the email. Anyone with concerns relating to a scam email should contact Scamwatch on 1300 795 995.
  • Pay particular attention to the company that sent the email. If it’s from a company you do not have an account with, be suspicious. Never click on bills or attachments from companies you are not a client of.

Criminals rely heavily on our curious nature when it comes to clicking on links and opening web pages. To limit the risk of falling victim to email scams, users need to take a moment to think before clicking on any links.
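Several of the indicators listed above (a bill delivered as a .zip, a sender you hold no account with, links to hosts that are not your biller) can also be checked automatically at a mail filter. The following is an added example, not part of the original article; the indicator names, the allowlist and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_known(host, known_billers):
    """True if host is one of the user's billers or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in known_billers)

def bill_scam_indicators(raw, known_billers):
    """Return the sorted indicators from the checklist that this message trips."""
    msg = message_from_string(raw)
    found = set()
    # Indicator: mail from a company you hold no account with.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_known(sender_host, known_billers):
        found.add("sender-not-a-known-biller")
    for part in msg.walk():
        # Indicator: the "bill" is a .zip rather than a .pdf.
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            found.add("zip-attachment")
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            parsed = urlparse(url)
            if parsed.path.lower().endswith(".zip"):
                found.add("link-to-zip-download")
            if not is_known(parsed.hostname, known_billers):
                found.add("link-host-not-a-known-biller")
    return sorted(found)

# Constructed sample message and allowlist (reserved .example names, not real data).
KNOWN_BILLERS = {"my-energy-retailer.example"}
SAMPLE = """\
From: "Energy Billing" <billing@energy-bills.example>
Subject: Your electricity bill is ready
Content-Type: text/plain; charset="utf-8"

Your bill is ready. Download it here:
http://energy-bills.example/invoice/bill_0629.zip
"""

print(bill_scam_indicators(SAMPLE, KNOWN_BILLERS))
```

A message that trips any indicator is a candidate for quarantine or a warning banner rather than silent delivery.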

What to Do If You’re Infected

  • Check if your computer has any backups.
  • Consult with an IT professional and seek advice on what can be recovered.
  • Restore your computer files from a backup or restore the entire system back to factory default settings.

You can read about another form of Ransomware in one of FraudWatch International’s previously published blog articles.