Debunking email hoaxes and exposing Internet scams since 2003!


PG & E Energy Statement Malware Emails

Outline
Emails purporting to be from US energy service provider PG & E notify recipients that their most recent energy statement can be viewed by following a link.




Brief Analysis
The emails are not from PG & E. The link opens a compromised website that harbours malware. If installed, this malware can connect the infected computer to a botnet and download further malware. Subject lines and other details in the malware emails may vary.


Example

Subject: Gas and Electric Usage Statement

Account No: 138475201-6
PG & E ENERGY STATEMENT
Statement Date: 01/10/2014
Due Date: 02/01/2014

Your Account Summary

Amount Due on Previous Statement: $344.70
Payment(s) Recieved Since Last Statement: 0.0
Previous Unpaid Balance: $344.70
Current Electric Charges: $165.80
Current Gas Charges: 49.20

To view your most recent statement, please click here
You must log-in to your account or register for an online account to view your statement.

Total Amount Due BY 02/01/2014 $559.7



Detailed Analysis


Fraudulent emails claiming to be from US energy provider Pacific Gas and Electric (PG & E) are currently being distributed.  The fake emails notify users that their most recent energy statement is available and can be viewed by following a link.  The messages include what is supposed to be a breakdown of the user's current bill.

The emails are not from PG & E as claimed. Clicking the link in the emails takes users to a compromised website that contains the Kuluoz malware.  Kuluoz can add the infected computer to the Asprox botnet. It may also download and install further malware.

Subject lines in the emails may vary. While some may have the subject line shown in the above example, others may have the subject "Delivery Canceling". Other details in the emails may also vary in different versions.

This campaign is very similar to another recent malware attack that claimed that the recipient's Atmos energy bill could be viewed by clicking a link. Again, the link opened a website that contained Kuluoz.

If you receive one of these emails, do not click on any links or open any attachments that it may contain.







Last updated: January 14, 2014
First published: January 14, 2014
By Brett M. Christensen