Go to top of page

Ransomware scam being spread through fake AGL bill

Priority Level: 
18 October 2016

Fake electricity bills are being emailed in an attempt to spread ransomware, with reports that a recent scam claims to be from energy provider AGL.

The fake email looks like a standard bill, but directs the email recipient to click on a link which takes them to a website designed to install ransomware on the victim's computer.

Once installed, this ransomware will encrypt the victim's files and demand payment to decrypt them.

Stay Smart Online warned of a very similar scam in June this year. The latest emails include a statement which claims that people affected by recent floods and storms may receive assistance via the link.

AGL states on its website it will never send an email asking for personal banking or financial details.

'Anyone receiving a suspicious email should delete it immediately or, if opened, not click on any links within the email,' AGL says.

'AGL advises recipients of any suspicious emails to run antivirus software and block the sender by adding to the junk folder list.'

What is ransomware?
Ransomware is a type of malicious software that handicaps computer functionality, for example, through browser hijacking or encrypting personal data, and offers to restore the functionality for a fee, which is a form of extortion.

Recovery of systems that have been infected with ransomware is almost impossible without clean backups, so prevention is always the best approach.

While there have been reports that files are recovered if the ransom is paid, this does not protect your computer against further attacks. The attacker may simply encrypt your files again, and increase the ransom. Further, paying the ransom reinforces the criminal business model.  For these reasons, responding to extortion is not encouraged.

More information

Stay Smart Online has more information on recognising scam emails, as well as information on protecting against ransomware attacks.

See also the previous Alert on AGL-based ransomware attacks for more information on recovery from a ransomware attack.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.