Category Archives: Phishing

Origin Energy Phishing Email

Be wary of an email claiming to be an electricity bill from Origin Energy. The email is well put together, with the correct logo and footer links that point to Origin Energy’s website. However, the phone number in the email does not appear to be affiliated with Origin Energy.

The email goes on to advise the recipient that the latest bill is available. The link, supposedly to the bill, in fact points to a zip file, which the user is prompted to download. The zip file contains a malicious JavaScript file. Once this JavaScript file is executed, a Trojan is downloaded onto the user’s PC.

Malicious files are often placed inside zip files to avoid detection by antivirus software.

This Trojan can then be used to drop other malicious software, such as ransomware.

Always take care when clicking links in emails. In this case, hovering over the link shows that it does not link to the Origin website.

More information on identifying scam emails can be found on the Origin Energy website.

NAB Phishing Scam

Scammers are at it again, this time claiming to be from National Australia Bank. The scam email uses official logos, which link directly to the NAB website.

The NAB phishing scam also includes a security notice. This security notice is found in legitimate NAB emails:

Security Notice: NAB will never request personal information such as your PIN/password or ask you to login to online services directly from an email. For further security advice visit nab.com.au/securitytips

The fail, on the scammers’ part, is that they then ask you to ‘Log on to Internet Banking’ – something your bank will never ask you to do via email, and something that the scammers themselves have told us NOT to do.

To help protect yourself from phishing and other scams, check out the security tips on the NAB website.

Commbank Phishing Email

Another phishing email doing the rounds. This email purports to be from the Commonwealth Bank, and advises that there has been “an unusual number of invalid login attempts” and that you will need to “Confirm that you’re the owner of the account”.

The login button, of course, does not link to a Commbank website but instead redirects to a convincing-looking phishing website.

Commbank Phishing Website

The good news is that, due to a certificate error, most users will probably receive this screen instead.

Always take care when clicking links in emails. A link can be created to say one website but link to another.

For example: www.grenfellinternetcentre.com.au. This URL should link to this website. Take a closer look at the link. Where is it linking to?

Hovering over a link with your mouse will show the URL that will be opened.

Suspicious links can be scanned using a website such as VirusTotal.