Today I received an email that looked like a bill from Origin Energy.
It looked very authentic – there was good attention to detail, and I’m sure that this will deceive many people.
Do not pay any bill from Origin until you learn how to identify a fake
I’ll cover several ways to spot a fake.
Sign 1: suspicious Pay Now link
Here’s what the email looks like:
When you mouse over the links, most of the links go back to originenergy.com.au, which is Origin Energy’s real website.
However, the View Bill link goes to this address:
This is the first sign of a fake email – when the most important link (the pay link!) goes to a different website.
However, the crim has done a good job here – Energy Australia is a legitimate entity, and the domain name looks plausible. Many phishing domain names look immediately dodgy (e.g. paypal.deoihgw.com). So this deserved further investigation.
Sign 2: Website
The next thing I do is to visit the website of the domain. Here, it’s obvious that the crim has done a good job. Here’s what the website looks like:
Because it looks legitimate, many people will assume this is real, and then click on the link. However, it’s actually very easy to create a website that looks like the original – simply download all their assets (HTML files, CSS, images) and host it on your own site.
This started to look like a very good fake, so I had to dig deeper.
Sign 3: Free HTTPS certificate
The next suspicious sign is the certificate that was used on the phishing domain. It is a free certificate from Let’s Encrypt – this only guarantees the privacy of the website traffic, not the authenticity of the website owner.
This is important to understand – encryption does not guarantee authenticity.
Sign 4: The giveaway: DNS records
The absolute giveaway is in the DNS record for the website, energyaustralia.info.
Here you can see that the website was registered today (27th March 2018), to an address in China.
In contrast, the actual Origin Energy website is registered to a company in Australia.
This is a phishing scam. It looks authentic and is well done, and I expect it will fool many people.
Do not click through on the link, and definitely do not pay any “bills”!
To look for a phishing scam, follow my process above. Please share this post so hopefully no one will fall for this scam.