There are scam emails currently circulating that pretend to be from reputable energy companies, which claim you owe money for an outstanding gas or electricity bill and ask you to click on a link to view your account or to make a payment.
They often involve you being illegally contacted by an individual or company who pretends to be from AGL and who tries to gain your personal information by falsely saying things like:
Your AGL energy bill is overdue and you need to share your credit card or bank account details to avoid being disconnected; or
You’ve been overcharged and we need your credit card in order to refund you.
These are just two examples, but if you receive a phone call or email that’s similarly unusual or suspicious that asks for your financial information, please do two things:
Ignore it; and
Call us directly on 131 245 to check whether we have been trying to contact you.
If you’ve provided your details on a website, by email or over the phone, and you believe you may have been a victim of fraud, please contact your financial institution immediately. Remember, AGL will never send you emails asking for personal banking or financial details.
How the scams work:
You receive an email from a reputable energy company claiming that you owe them money.
The email may appear to come from a department like the 'Accounts Receivable Team' or 'Accounts Payable'.
The email may contain the subject title 'Your AGL Bills Update ✔'.
The email may or may not be from your current energy provider.
The email may claim that you have exceeded your energy consumption limit and need to pay or even that you are eligible to use a discounted energy tariff if you click on the link.
The email may direct you to click on a link to view your account, pay your bill or download an attachment.
If you click on the link, your computer may be infected with malicious software and your identity compromised.
If you 'pay' the amount, you will lose your money and may have your credit card details stolen.
How to protect yourself:
If you receive a suspicious email for outstanding energy usage - delete it immediately.
If you're not sure if this is a scam, contact your energy provider with the contact details from their website and not from the email.
Look out for telltale signs of a scam email, including spelling mistakes and poor grammar.
Never click on the links from suspicious emails and delete them immediately.
For more information visit the Scam Watch website.
We are aware of an unsolicited email in circulation pretending to be from AGL containing the subject title:
How to identify whether you have received a legitimate or hoax email
All legitimate AGL disconnection notices will:
Come from the sender address email@example.com. Any deviation on this address may be a hoax email; and
Include your supply address and account number in the email body. If it does not contain these details, it may be a hoax email.
What to do if you believe you have received a hoax email
If you have received a hoax email, please delete it. Do not click on any links or content from the email. If you have clicked on the link and submitted your personal details, please log in to these accounts and reset your password straight away and run a comprehensive anti-virus scan.
If you are unsure or have any queries about the email, please contact the AGL Help Desk, 24 hours/7 days a week, on 131 AGL (131 245), Option 3.
AGL takes the security of your information very seriously. We will never send emails asking you to confirm, update or disclose personal or banking information. For information on how to identify a scam email head to this Knowledge Base article or the Scamwatch website. Any customers with concerns about the scam emails should call AGL on 131 245.
Customers and non-customers should be aware of an AGL-branded email scam that is falsely claiming to be from AGL. The emails are presented as an eBill and may include a heading that includes "Credit card autopay rejection". Screenshots are posted below.
The link asking you to ‘re-register your credit card autopay details’ takes you to a non-AGL website which is a scam website.
AGL will never email you to ask for your personal banking or financial details. Any email correspondence from AGL will also have the customer’s name and account details, including account number and supply address.
Anyone receiving this suspicious email should:
Forward it to firstname.lastname@example.org.
Flag the email as ‘spam’ or junk in your inbox.
Delete the email immediately. Please do not open or click on any links within the email.
For information on how to identify a scam email head to this Knowledge Base article or the Scamwatch website. Any customers with concerns about the scam emails should call AGL on 131 245.
Learn to Spot Scams and Spam... Look for something JUST NOT QUITE RIGHT!
Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information or click on a link. Some phishing messages are an obvious fraud; others can be a bit more convincing. So how do you tell the difference between a real message and a phishing message? There is no single technique, but here are some hints.
1. The message contains a mismatched URL e.g. actual email address does not match name displayed
One of the first things you should check is whether the URL (e.g. link to website or email address) actually matches the name displayed.
When you hover your mouse over the link or email address, if it is different to the address that you can see, the message is probably fraudulent or malicious. For example, if you hover over a display sender name like “Stay Smart Online” it should appear as StaySmartOnline@ag.gov.au, not something like StaySmartOnline123445656@123.com.
2. URLs contain a misleading domain name e.g. microsoft.com.maliciousdomain.com
Criminals who launch phishing campaigns often depend on people either not checking a link before they click or not understanding how a domain name is structured. For example, a Microsoft webpage would always have microsoft.com at the end. For example:
This could be OK
This is NOT OK (note the missing letters)
3. The message contains poor spelling and grammar
If a company sends out a message, it is usually reviewed for spelling, grammar, and legality etc. So if a message is filled with poor grammar or spelling mistakes, it probably did not come from them!
4. The message asks for personal information
No matter how official an email message might look, it's always a bad sign if the message asks for personal information. Your bank does not need you to send it your account number. It already knows it! Also, a company should never send an email asking for your password or credit card number.
5. The offer seems too good to be true
If the offer seems too good to be true - it probably is. If you receive a message from someone unknown to you making big promises, e.g. you have won Tattslotto when you did not buy a ticket, the message is probably a scam.
6. You did not initiate the action
You get an email saying you won a car but you never entered a competition to win a car. If you get a message like this you can probably bet it is a scam.
7. You are asked to send money to cover expenses
A telltale sign of a phishing email is that you are asked for money - even if it is not in the first email.
8. The message makes unrealistic threats
If a message makes unrealistic threats it is probably a scam. An example of a threat message is - your bank emailing you saying that if you do not submit a form plus ID your account will be cancelled and assets seized.
9. The message appears to be from an official source e.g. government department
Official sources do not use email as their first form of contact. It will most probably be a scam.
10. Something just does not look right
Casino security teams are taught to look for anything that is JDLR - just doesn't look right! If it looks off, it probably is! This also applies to email messages. If you receive a message that seems suspicious, it's usually in your best interests to avoid acting on the message. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.
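Hints 1 and 2 above (a link whose visible text differs from its real destination, and a trusted name buried at the front of a longer domain) can be checked mechanically. The Python below is an added example, not code from AGL or Stay Smart Online; the trusted-domain set, the small `TWO_LEVEL_SUFFIXES` stand-in for the Public Suffix List, and the sample links (including `billing.example.net`) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for this demo.
TWO_LEVEL_SUFFIXES = {"com.au", "gov.au", "org.au", "net.au"}
# Constructed sample body: one misleading domain, one mismatched link, one genuine link.
SAMPLE = ('<a href="http://microsoft.com.maliciousdomain.com/pay">Pay now</a>'
          '<a href="http://billing.example.net/x">www.microsoft.com/account</a>'
          '<a href="https://www.microsoft.com/account">www.microsoft.com/account</a>')

def registered_domain(host):
    """Return the registrable domain: the labels at the END of the host name."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-n:])

class _Links(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted):
    """Hints 1 and 2: flag links whose real destination differs from what is shown."""
    parser, findings = _Links(), []
    parser.feed(html)
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        if not host:
            continue  # mailto:, anchors and empty hrefs carry no host to compare
        real = registered_domain(host)
        if real not in trusted and any(t in host for t in trusted):
            findings.append("misleading-domain:" + host)
        if "." in text and " " not in text:  # visible text is itself a URL or domain
            shown = urlsplit(text if "://" in text else "//" + text).hostname or ""
            if registered_domain(shown) != real:
                findings.append("mismatched-url:" + host)
    return findings
```

Calling `check_links(SAMPLE, {"microsoft.com"})` flags the first two links and passes the third, because only the third has microsoft.com at the end of its host name.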
Protect your computer and other devices by keeping your software current and installing anti-virus software to keep the criminals away!
The only way to keep yourself safe is to keep your software current, updating apps and operating systems as soon as updates are released - especially after a security issue has been identified.
The updates are released because software vendors are always adjusting their code to keep ahead of the criminals.
Software updates are a crucial step in keeping your private information private.
And don’t forget to install anti-virus software on your devices.
Viruses, worms, Trojan horses, ransomware... are just some of the intruders that anti-virus software will stop. Anti-virus software helps protect your computer against most viruses, worms, Trojan horses, and other unwanted invaders that can make your computer "sick".
The invaders perform malicious acts, such as deleting files, accessing personal data, or using your computer to attack other computers.
To keep your devices healthy, install anti-virus software. Do some research on anti-virus software; some of the big names are Norton by Symantec and McAfee.
Stay Smart Online has lots of good resources on how to protect your information.
Where can I go to get help?
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams.
Stay Smart Online provides useful information and resources to help you and your family stay safe from cyber security threats. AGL is a proud supporter of Stay Smart Online.
Both Scamwatch and Stay Smart Online have an email alert system that you can subscribe to.
A strong password is a safe password.
Short and simple passwords might be easy for you to remember, but unfortunately are also easier for cyber criminals to crack.
A strong password is greater than eight characters long and a mix of upper and lower case letters, numbers and other symbols:
Lowercase letters a,b,c...
Uppercase letters A,B,C…
Learn how to set and use passwords with Stay Smart Online.
And remember, never share your passwords with anyone, and use a different password for each of your online accounts. That way, if they get into one, they will not be able to access your other accounts.