Today I received an email that looked like a bill from Origin Energy.
It looked very authentic – there was good attention to detail, and I’m sure that this will deceive many people.
Do not pay any bill from Origin until you learn how to identify a fake
I’ll cover several ways to spot a fake.
Sign 1: suspicious Pay Now link
Here’s what the email looks like:
When you hover over the links, most of them point to originenergy.com.au, which is Origin Energy's real domain.
However, the View Bill link goes to this address:
https://energyaustralia.info/BillerCode-300000520779
This is the first sign of a fake: the most important link (the one that takes you to the bill and the payment) goes to a different domain from all the others. It is the one link the crim needs you to click, so it is the one that has to lead to their server.
However, the crim has done a good job here. EnergyAustralia is a real Australian energy retailer, so the name looks plausible, and a customer might even assume the two companies share a billing system. Many phishing domain names look immediately dodgy (e.g. paypal.deoihgw.com); this one does not, although the .info ending is a tell, since the real retailer is at energyaustralia.com.au. So this deserved further investigation.
Sign 2: Website
The next thing I do is visit the website at that domain (from an isolated browser or virtual machine, not the computer that received the email). Here, it's obvious that the crim has done a good job. Here's what the website looks like:
Because it looks legitimate, many people will assume it is real and click through. However, it is very easy to make a website that looks like the original: save the real site's pages and assets (HTML, CSS, images) and host the copy on your own server. Appearance proves nothing.
This started to look like a very good fake, so I had to dig deeper.
Sign 3: Free HTTPS certificate
The next suspicious sign is the certificate on the phishing domain. It is a free Let's Encrypt certificate. Let's Encrypt issues domain-validated certificates: the only thing they prove is that whoever requested the certificate controlled energyaustralia.info at the time, and the certificate names no company or organisation. The padlock in the browser therefore means only that your traffic is encrypted to the owner of that domain, whoever they are.
This is important to understand: encryption does not guarantee authenticity. Many legitimate sites use Let's Encrypt too, so this is not conclusive on its own, but it is a reason to look at who the certificate is actually issued to rather than trusting the padlock.
Sign 4: The giveaway: domain registration (WHOIS) records
The absolute giveaway is in the registration record for the domain energyaustralia.info, which you can see with a WHOIS lookup. This is the registrar's record of who registered the domain and when; it is separate from the DNS records that map the name to a server address.
Here you can see that the domain was registered today (27 March 2018), to an address in China.
In contrast, the real Origin Energy domain is registered to a company in Australia. Registrant names and addresses are increasingly redacted for privacy, but the creation date is still shown, and a domain created within the last few days that is asking you for money is about as clear a warning as you will get.
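The four signs above are a manual process, but the two that can be checked mechanically (the odd-one-out link in Sign 1 and the domain age in Sign 4) are easy to script. The Python below is an added example, not code from the original post: it takes the HTML body of a suspected bill and WHOIS output for the domains it links to, reports any link whose domain differs from the one the rest of the mail uses, and reports any domain registered within the last 30 days. The sample email and WHOIS text are constructed for illustration; only the phishing URL and the 27 March 2018 creation date come from the post, and the link texts, page layout and time of day are made up. The short public-suffix table is also an assumption; a real tool would use the Public Suffix List.

```python
"""Added triage script (example code, not from the original post): automates
Sign 1 (link to a different domain) and Sign 4 (freshly registered domain).
The sample e-mail and WHOIS text are constructed; only the phishing URL and
the 2018-03-27 creation date are the ones quoted in the post."""
import re
from datetime import date, datetime
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text] of the <a> currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


# Assumption: a short table of two-label public suffixes; a real tool would
# consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "gov.au", "edu.au", "co.uk"}


def registrable_domain(url):
    """Reduce a URL to its registrable domain (eTLD+1):
    https://www.originenergy.com.au/x -> originenergy.com.au"""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def odd_links_out(html):
    """Return (majority_domain, [(href, text), ...]) for the links whose
    registrable domain differs from the one most links in the mail use."""
    collector = LinkCollector()
    collector.feed(html)
    domains = [registrable_domain(href) for href, _ in collector.links]
    majority = max(set(domains), key=domains.count)
    odd = [(href, text) for (href, text), dom in zip(collector.links, domains)
           if dom != majority]
    return majority, odd


# Registrars label the creation date differently; accept the common variants.
CREATION_DATE_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Registered On|Registration Date):"
    r"\s*(\d{4}-\d{2}-\d{2})",
    re.IGNORECASE | re.MULTILINE)


def domain_age_days(whois_text, today):
    """Days between the WHOIS creation date and `today`, or None if the
    record carries no recognisable creation date."""
    match = CREATION_DATE_RE.search(whois_text)
    if match is None:
        return None
    created = datetime.strptime(match.group(1), "%Y-%m-%d").date()
    return (today - created).days


def triage(html, whois_by_domain, today, max_age_days=30):
    """Run both checks and return a list of human-readable findings.
    whois_by_domain maps a domain to its WHOIS output (in practice the text
    returned by a WHOIS lookup; supplied inline here)."""
    findings = []
    majority, odd = odd_links_out(html)
    for href, text in odd:
        findings.append(f"link '{text}' goes to {href}, not to {majority} like the rest")
    for domain, whois_text in whois_by_domain.items():
        age = domain_age_days(whois_text, today)
        if age is not None and age <= max_age_days:
            findings.append(f"{domain} was registered only {age} day(s) ago")
    return findings


# Constructed sample mail: three links to the real Origin domain plus the
# phishing View Bill link quoted in the post.
SAMPLE_EMAIL = """
<html><body>
<p>Your Origin Energy bill is now available.</p>
<a href="https://www.originenergy.com.au/">Origin Energy</a>
<a href="https://www.originenergy.com.au/help">Contact us</a>
<a href="https://www.originenergy.com.au/myaccount">My Account</a>
<a href="https://energyaustralia.info/BillerCode-300000520779">View Bill</a>
</body></html>
"""

# Constructed WHOIS excerpt; only the 2018-03-27 creation date is from the post.
SAMPLE_WHOIS = """\
Domain Name: ENERGYAUSTRALIA.INFO
Creation Date: 2018-03-27T02:15:09Z
Registrant Country: CN
"""

SAMPLE_TODAY = date(2018, 3, 27)  # the day the post was written

if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL, {"energyaustralia.info": SAMPLE_WHOIS}, SAMPLE_TODAY):
        print("SUSPICIOUS:", finding)
```

Run against the sample it reports the View Bill link as the only one leaving originenergy.com.au and energyaustralia.info as registered zero days ago. The majority-domain rule is deliberately simple: a well-made phish keeps every decorative link pointing at the real brand, so the single link that leaves that domain is exactly the one to scrutinise, and it is cheap to feed the domain it points to into the WHOIS age check.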
Conclusion
This is a phishing scam. It looks authentic and is well done, and I expect it will fool many people.
Do not click through on the link, and definitely do not pay any “bills”!
To check a suspicious bill, follow the four signs above. Please share this post so that no one falls for this scam.