
Warning to small businesses as more than 10,000 people hit by AGL energy bill scam

Max Stainkamph

Small businesses have been warned to stay alert for email scams after more than 10,000 people reportedly downloaded malicious software disguised as an energy bill.

Scammers posing as electricity giant AGL have sent out thousands of emails to businesses and individuals asking them to pay overdue bills.

According to AGL, the scam emails tell users they have passed their energy consumption limit and need to pay their bill.

The email “presents as an e-Account”, which prompts customers to download a .zip file containing ‘ransomware’, which locks your computer and demands an $800 payment.

Raymond Schippers, a senior analyst at worldwide cyber security firm Check Point, told Fairfax at least 10,000 people are estimated to have downloaded the malware and were “very likely to have been infected”, although many more people may have been caught out.

AGL said in a statement it would “never send an email asking for personal banking or financial details”.

“Anyone receiving a suspicious email should delete it immediately or, if opened, not click on any links within the email,” the company said.

“AGL advises recipients of any suspicious emails to run antivirus software and block the sender by adding to the junk folder list.”

How to protect your business

Online security expert Michael McKinnon told SmartCompany ransomware is one method scammers use to target small businesses and individual consumers.

“You get a lot of small business people opening .zip files or invoices all the time, and so scammers keep getting away with it,” he says.

McKinnon says the best defence against scams is the “human defence”.

“Keeping awareness of employees as high as possible is the best thing you can do,” he says.

“Be aware not every email you’re going to get will be legitimate. Even the best anti-spam software and filters will still let one or two emails through, and that’s where the human factor to doubt comes in.”

On a technical level, McKinnon says backing up files is the number one defence against ransomware, and is an important step many small businesses don’t take.

“Once you’ve been infected it’s too late, you’ve either got to restore a previous backup, or if you don’t have one you’ve got to pay the ransom,” he says.

“And then you run the risk it still doesn’t give you access.”

McKinnon also recommends keeping a copy of malware-ridden computers backed up in case the decryption codes for the ransomware become available, as has occasionally happened in the past.

AGL advises that anyone with concerns over this scam should contact AGL or the Australian Competition and Consumer Commission’s Scamwatch.