AGL Branded ‘Electricity Bill’ Phishing Email Carrying Trojan Malware



A massive phishing email campaign with links to a crypto ransomware payload has hit Australia.

The email appears to be from AGL advising the recipient of their current outstanding amount.

Here is a sample of the first page recipients are directed to:


The landing page asks the user to enter a ‘Captcha’ code. Once this is completed, the page downloads a .zip file containing a JavaScript dropper. When executed, the dropper downloads CryptoLocker from a remote location.
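A mail or web gateway can catch the delivery step described above by looking inside downloaded .zip files for script members. The following is an added example, not code from the original article; the extension list, size limits and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile

# Script extensions Windows runs on double-click (assumed list; tune locally).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MAX_DEPTH = 3                        # levels of nested archives to open
MAX_MEMBER_SIZE = 5 * 1024 * 1024    # skip nested archives larger than this


def find_script_members(zip_bytes, depth=0, prefix=""):
    """Return paths of script files inside a zip, following nested zips."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces in file names.
            name = info.filename.lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            path = prefix + info.filename
            if ext in SCRIPT_EXTENSIONS:
                hits.append(path)
            elif (ext == ".zip" and depth < MAX_DEPTH and not info.flag_bits & 0x1
                  and info.file_size <= MAX_MEMBER_SIZE):
                hits += find_script_members(archive.read(info), depth + 1, path + "!")
    return hits


def _make_zip(members):
    """Build an in-memory zip from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples with harmless placeholder content.
SAMPLE_DROPPER_ZIP = _make_zip({"bill.pdf.js": b"// placeholder"})
SAMPLE_NESTED_ZIP = _make_zip({"docs/inner.zip": SAMPLE_DROPPER_ZIP})
SAMPLE_CLEAN_ZIP = _make_zip({"bill.pdf": b"%PDF-1.4 placeholder"})

if __name__ == "__main__":
    for blob in (SAMPLE_DROPPER_ZIP, SAMPLE_NESTED_ZIP, SAMPLE_CLEAN_ZIP):
        print(find_script_members(blob))
```

A non-empty result is a reason to quarantine the archive; encrypted nested archives are not opened and need a separate policy decision.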


Why is Ransomware dangerous?

Once the email recipient or web user runs the ransomware, it encrypts files on the local device and possibly across the entire network. The user or business may then be held to ransom, with a Bitcoin fee usually demanded in return for the decryption key for the files.

The only other option is for the business to stay offline and recover previous backups to get back online. Many users are left with no choice other than to pay the ransom, which can be for tens of thousands of dollars.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
  • Purport to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including multiple grammatical errors).
  • Ask you to click on a link within the email body in order to access their website. If unsure, call the company/person directly and ask whether the email is legitimate.

If unsure, do not click links or download files contained within the email and contact the purported sender directly to verify the authenticity of the email.

AGL also share tips on how phishing and hoax emails operate on their website.
