'Your Atmos Energy Bill is Available' Malware Email
OutlineEmail purporting to be from US natural gas distributor Atmos Energy claims that the recipient's latest energy bill can be viewed on line by clicking a link.
Brief AnalysisThe email is not from Atmos. Clicking links in the message opens a compromised website that harbours malware. If installed, this malware can connect the infected computer to a botnet and download further malware. If this email comes your way, do not click any links or open any attachments that it may contain.
Subject: Your Atmos Energy Bill is Available online
Your latest Atmos Energy bill is now available to view online.
Click here to find out why natural gas is the best choice for clean and responsible energy use.
Account Number : 4516684602
Bill date: 01/02/2014
Current Charges: $39.90
Total Amount Due: $39.90
Payment Due Date: Due upon receipt
Past Due Date: 01/25/13
To view your most recent bill, please click here. You must log-in to your account or register for an online account to view your statement.
There are many options to pay your bill. Sign up for the Automatic Payment Plan to have your payment automatically deducted from your bank or credit card. Pay electronically online at the Account Center, visit an Authorized Payment Center or send a check by mail.
Our monthly bill inserts keep you current on natural gas safety information, energy-saving tips, regulatory updates and more. Click here to view the monthly inserts.
Atmos Energy appreciates your business.
According to this email, which claims to be from US natural gas provider Atmos Energy, the recipient can view the latest Atmos energy bill by clicking a link. The email also invites people to find out more about natural gas by clicking other links. The message includes a customer account number, current charges, and the date the supposed bill was issued.
However, the email is not from Atmos. Clicking any of the links in the email will take users to a compromised website that harbours the Kuluoz malware. Once installed, Kuluoz can join the computer up to the Asprox botnet and download and install more malware components.
Atmos has published a notice on its website warning users about the scam emails. The warning notes that the emails are coming from an address that is not affiliated with Atmos Energy and uses fake account numbers.
If you receive this email, do not click any links or open any attachments that it contains.
Malware distributors and phishing scammers often use fake bill notification emails as a means of gaining victims. Be wary of any unsolicited email that claims that you can view a bill by clicking a link or opening an attached file.
Of course, some service providers do send bill notifications via email, usually because a customer has explicitly chosen to receive email rather than paper bills. Thus, it is important that you carefully check that a bill notification email is really from your provider before clicking links or opening attached files.
Last updated: January 6, 2014
First published: January 6, 2014
By Brett M. Christensen