This is the second AGL scam in as many weeks. Last week another fake email scam was circulating delivering Trojan malware.

The current scam looks similar to recent phishing runs impersonating other well-known brands like AusPost and AFP. These attacks appear to be coming from the same group of cyber criminals.

Here is a sample of today’s AGL email, which has many variations:

[Image: AGL Scam1]

The scam email appears to be from AGL, advising the recipient of their current bill. The email is personalised for each recipient and provides a link for the recipient to view their electricity bill online.

Here is a sample of the first page recipients are directed to:

[Image: AGL Scam2]

The landing page asks the user to enter a ‘Captcha’ code. Once completed, the page downloads a .zip file containing a JavaScript dropper. When executed, the dropper downloads TorrentLocker from a remote location.

[Image: AGL Scam3]

The URLs of the websites that recipients are sent to vary greatly. It appears that a large number of compromised web servers are serving the landing pages and malware.
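Because the hosting URLs vary so much, a check on what the downloaded archive contains does not depend on knowing the URL. The following is an added example, not code from the original post or from AGL: a Python check a mail or web gateway could run to flag a .zip whose members are script files, as in the delivery chain described above. The extension list, size limit, nested-archive handling and sample file names are assumptions made for the illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Script types Windows runs on double-click (assumed policy list; adjust locally).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MAX_DEPTH = 2                      # levels of nested archives to open
MAX_MEMBER_BYTES = 10 * 1024 ** 2  # skip nested members declared larger than this


def find_script_members(data, depth=0, prefix=""):
    """Return the names of script files found inside a zip passed as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a zip archive, nothing to inspect
    hits = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            clean = info.filename.lower().rstrip(". ")
            suffix = PurePosixPath(clean).suffix
            if suffix in SCRIPT_EXTENSIONS:
                hits.append(prefix + info.filename)
            elif (suffix == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER_BYTES
                  and not info.flag_bits & 0x1):  # skip encrypted members
                inner = archive.read(info)
                hits += find_script_members(inner, depth + 1,
                                            prefix + info.filename + "!")
    return hits


def build_sample_zip(members):
    """Build an in-memory zip from {name: content} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: invented file names, harmless placeholder content.
SAMPLE_DROPPER_ZIP = build_sample_zip({"AGL_bill.js": "// placeholder"})
SAMPLE_NESTED_ZIP = build_sample_zip(
    {"bill.zip": build_sample_zip({"AGL_bill.pdf.js": "// placeholder"})})
SAMPLE_CLEAN_ZIP = build_sample_zip({"invoice.pdf": "%PDF placeholder"})

if __name__ == "__main__":
    for blob in (SAMPLE_DROPPER_ZIP, SAMPLE_NESTED_ZIP, SAMPLE_CLEAN_ZIP):
        print(find_script_members(blob))
```

An archive that returns a non-empty list can be quarantined or held for review before it reaches the recipient.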

Why is Ransomware dangerous?

When a ransomware file is run by the email recipient or web user, the malware encrypts files on the local device and possibly across the entire network. The user or business may then be held to ransom, with a Bitcoin fee usually demanded in return for the decryption key for the files.

The only other option is for the business to stay offline and recover previous backups to get back online. Many users are left with no choice other than to pay the ransom, which can be for tens of thousands of dollars.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
  • Purport to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including multiple grammatical errors).
  • Ask you to click on a link within the email body in order to access their website. If unsure, call the company/person directly and ask whether the email is legitimate.

If unsure, do not click links or download files contained within the email and contact the purported sender directly to verify the authenticity of the email.

AGL also share tips on how phishing and hoax emails operate on their website.

We recommend that you share these tips with your staff to make them aware of these campaigns.

By deploying TechPatrol’s cloud-based managed Antivirus and Web security solution, you will reduce the incidence of these new variants of malicious email entering your network.