Home Malware Bogus Simple Energy Bill Emails Contain Macro Malware

Bogus Simple Energy Bill Emails Contain Macro Malware

by Brett M. Christensen

‘eBill’ notification emails purporting to be from electricity and gas retailer Simple Energy are currently hitting inboxes. The emails, which feature the Simple Energy logo and formatting, contain a ‘bill summary’ and claim that you can find your latest gas bill in an attached file. 

Payment and account links in the emails open pages on the genuine Simple Energy website.

However, the emails are not from Simple Energy and the attachment does not contain a gas bill.

Instead, opening the attachment can trick you into allowing malware to infect your system.

Because the attachment is a seemingly innocuous Microsoft Word (.doc) file, you may be inclined to open it without realising the risk. If you do open the attachment, a popup message will claim that you need to enable macros before the file can be viewed correctly.

But, enabling macros as requested will allow a malicious macro to run. The macro can download and install other malware components. Typically, such malware can steal information such as banking passwords, download even more malware, and allow criminals to use the infected computer for their own purposes.

For those that may not be aware, a ‘macro’ in this context is a set of instructions that can act as a single command in order to automatically accomplish a task. Macros can save time by making repetitive tasks easier to carry out. Microsoft Office programs and other types of software allow you to create your own macros as required to aid your workflow. 
However, macros can also be used maliciously. In the past, macro virus threats were common. Thankfully, later versions of Microsoft Office disabled macros by default thereby lessening the threat posed by macro viruses. But, online criminals are again using macros to trick people into installing malware. Unless you have a specific need to use macros and are aware of the potential risks, you would be wise to leave macros disabled.

If you receive one of these fake Simple Energy bills, do not open any attachments that it contains and do not click any links in the message. Note also that fake energy bill emails have been used in several earlier campaigns to distribute malware.

Example

Simple Energy Malware Emails


Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer