This email, which appears to have been sent by large Australian energy company AGL, supposedly contains your latest electricity bill in an attached file. The email contains the amount of the supposed bill – which may be higher than you would expect – along with a due date.
However, the email is not from AGL and the attachment does not contain an electricity bill as claimed. In fact, the attached .zip file contains a malicious .exe file. If you open the .zip file and then click the .exe file when using a Microsoft Windows based computer, malware may be installed. Once installed, the malware may download further malware, steal sensitive information such as banking passwords from the infected computer, and allow criminals to take control of the computer from afar.
More and more companies are now using email to deliver bills to customers, so the bogus bill ploy has become a more common way to distribute malware. Customers who regularly receive their bills via email may be tricked into opening the attachment without due caution, especially if the bill amount is higher than expected.
If you receive bills via email, always ensure that the bill really was sent by the company before you open any attachments.
Last updated: February 26, 2016
First published: February 26, 2016
By Brett M. Christensen