Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 145 - December 2012 (2nd Edition) - Page 5

Australian Power & Gas 'Payment Receipt' Malware Emails

Issue 145 Start Menu

Previous Article            Next Article

Email purporting to be from Australian Power & Gas claims that recipients can review details of a recent credit card transaction by opening an attached file.

Brief Analysis
The email is not from Australian Power & Gas and the attachment does not contain a transaction receipt. In fact, the .zip file attachment harbours a malicious .exe file. Running the .exe file can install malware on the user's computer. If you receive one of these bogus emails, do not open any attachments or click on any links that it contains.

Bookmark and Share

Last updated: December 11, 2012
First published: December 11, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Subject: Approved Payment Receipt

Australian Power & Gas Payment Receipt
Dear Customer,

We have recently received a credit card payment from you, for your Australian Power & Gas account. This payment has been successfully processed and receipt details are shown below in the attached file.

Transaction Details
Payment Time: Tue, 11 Dec 2012 07:43:54 +0900
Reference One: 2404390362
Reference Two: 01600833
Payment Receipt Number : 3530928186

Note: This payment will appear on your credit card statement with the merchant reference `Australian Power & Gas`.

Kind Regards,

The team at Australian Power & Gas

Message includes an attached file named: Australian PowerGas_ReceiptDetails [string of numbers].zip
.zip file contained the payload "Details.pdf.exe".

Detailed Analysis
This email, which purports to be from energy company Australian Power & Gas, contains information about a supposed credit card transaction for an account payment. The message claims that users can open an attached file to read full details of the transaction.

However, the email is not from Australian Power & Gas and the attached file does not contain a transaction record as claimed. The attachment actually consists of a .zip file that contains malware. Unzipping the attached file reveals a malicious .exe file. In an effort to fool people into believing that the file is a harmless PDF, it has been given the double extension .pdf.exe. If uses open this .exe file, the malware will be installed. Typically, such malware can make contact with remote servers controlled by criminals, harvest sensitive information from the compromised computer and download further malware.

Australian Power & Gas has warned customers about the malicious emails via a post on its Facebook Page:

We are aware some customers and non customers have received a fake email claiming to be from us, with a payment receipt and a attached zip file. These e-mails are NOT from Australian Power & Gas. We advise you NOT to open any attachment in those emails as they may contain a virus.

Please delete the email and be assured your personal account details have not been compromised.

If you receive one of these bogus emails, do not open any attachments or click any links that it may contain.

Bookmark and Share


Australian Power and Gas - Facebook

Previous Article            Next Article

Issue 145 Start Menu

Pages in this issue:
  1. Hoax - NASA Predicts Total Blackout of Planet in Dec 2012
  2. 'You Have Received a Secure Message' Malware Emails
  3. Christmas Cards For Dalton Dingus
  4. Jim Carrey is NOT Dead
  5. Australian Power & Gas 'Payment Receipt' Malware Emails
  6. Gmail 'Update Account' Phishing Scam
  7. Starbucks Lack of Support For Iraq Troops Rumor
  8. Holiday Horrors - Are Common Seasonal Decorations Toxic?
  9. Facebook 'Site Governance' Email is Legitimate
  10. RapidFax Malware Email
  11. Facebook Survey Scam - Free Bunnings Gift Card
  12. Plea to Help Find Homes for 52 Thoroughbred Horses
  13. Giant Table and Chairs Horse Shelter Photograph
  14. Wrestling Star John Cena is NOT Dead
  15. Facebook 'Pirates' Fraud Warning
  16. Leptospirosis Death Warning - Rat Urine on Soda Can Top
  17. Egg Windshield Attack Robbery Warning
  18. 'Assistance Internet' Email Account Phishing Scam
  19. Misleading Health Advice Email - 'Mayo Clinic on Aspirin and Heart Attacks'