Simply Energy e-mails supposed to be containing an eBill notification turn out to be a hoax, instead infecting users with a malware virus.
Simply Energy is one of the biggest energy retailers in Australia, providing gas and electricity to more than 500 000 households in Victoria, Queensland and South Australia. However it has been a subject to a number of high profile controversies and complaints about some of the policies employed as well as billing issues in the past. This will not help matters either even though it doesn’t seem to be Simply Energy’s fault this time.
E-mails purported to be from the energy and gas retailer are circulating around the internet. Users have found the e-mails which feature a Simply Energy logo and layout in their inboxes. A “bill summary” is included as well as an attached file supposed to be your latest gas bill according to the text in the e-mail. The hoax is pretty elaborate as payment and account links actually open genuine real webpages on the Simply Energy website.
The real issues begin when you try to download or open the attached “gas bill”. Because that is not a gas bill at all but a type of a malware virus. The file is with a Microsoft Word extension (.doc to be precise) so it would appear pretty safe to open it, right? Well once you do a pop-up message would appear asking you to enable macros before the file can be displayed correctly.
Yet if you do enable macro it would allow a malicious macro to run and thus enable additional malicious applications to be downloaded and installed. This is the type of virus known to be able to steal personal information, including banking passwords and user names as well as give access to your computer to cyber criminals.
If you are not aware what exactly “macro” would mean in this context allow us a brief explanation. This is a string of instructions that can work as a single command in order to accomplish a specific task. Macros allow saving time due to their ability to make repetitive tasks easier to execute. MS Office products as well as a host of other programs give users the chance to create their own macros to customize their specific workflow needs.
This all seems well and good but problem is macros can also be used maliciously. It was a common theme in the past to encounter a micro virus threat. Thankfully Microsoft took notice and later version of their Office products have macros disabled by default. This significantly reduces the risks posed, yet there seem to be a resurgence of this trick to make unsuspecting users allow malware viruses installation lately. It would be wise to avoid enabling this function unless you are fully aware of the risks and indeed have a need to use macros.
The fake energy bill scheme in not a new one as previous similar cases have been documented in the past. If you are one of the affected and find the fake Simply Energy gas bill in your email inbox do not open any attachments and do not click on any of the links in the message header.