PG & E Energy Statement Malware Emails
OutlineEmails purporting to be from US energy service provider PG & E notify recipients that their most recent energy statement can be viewed by following a link.
© Depositphotos.com/ maxkabakov
Brief AnalysisThe emails are not from PG & E. The link opens a compromised website that harbours malware. If installed, this malware can connect the infected computer to a botnet and download further malware. Subject lines and other details in the malware emails may vary.
Subject: Gas and Electric Usage Statement
Account No: 138475201-6
PG & E ENERGY STATEMENT
Statement Date: 01/10/2014
Due Date: 02/01/2014
Your Account Summary
Amount Due on Previous Statement
Payment(s) Recieved Since Last Statement
Previous Unpaid Balance
Current Electric Charges
Current Gas Charges
49.20 To view your most recent statement, please click here You must log-in to your account or register for an online account to view your statement.
Total Amount Due BY 02/01/2014 $559.7
Fraudulent emails claiming to be from US energy provider Pacific Gas and Electric (PG & E) are currently being distributed. The fake emails notify users that their most recent energy statement is available and can be viewed by following a link. The messages include what is supposed to be a breakdown of the user's current bill.
The emails are not from PG & E as claimed. Clicking the link in the emails takes users to a compromised website that contains the Kuluoz malware. Kuluoz can add the infected computer to the Asprox botnet. It may also download and install further malware.
Subject lines in the emails may vary. While some may have the subject line shown in the above example, others may have the subject "Delivery Canceling". Other details in the emails may also vary in different versions.
This campaign is very similar to another recent malware attack that claimed that the recipient's Atmos energy bill could be viewed by clicking a link. Again, the link opened a website that contained Kuluoz.
If you receive one of these emails, do not click on any links or open any attachments that it may contain.
Last updated: January 14, 2014
First published: January 14, 2014
By Brett M. Christensen