Debunking email hoaxes and exposing Internet scams since 2003!


Australian Power & Gas 'Payment Receipt' Malware Emails

Outline
Email purporting to be from Australian Power & Gas claims that recipients can review details of a recent credit card transaction by opening an attached file.



Brief Analysis
The email is not from Australian Power & Gas and the attachment does not contain a transaction receipt. In fact, the .zip file attachment harbours a malicious .exe file. Running the .exe file can install malware on the user's computer. If you receive one of these bogus emails, do not open any attachments or click on any links that it contains.


Last updated: December 11, 2012
First published: December 11, 2012
Article written by Brett M. Christensen


Example

Subject: Approved Payment Receipt

Australian Power & Gas Payment Receipt
Dear Customer,

We have recently received a credit card payment from you, for your Australian Power & Gas account. This payment has been successfully processed and receipt details are shown below in the attached file.

Transaction Details
Payment Time: Tue, 11 Dec 2012 07:43:54 +0900
Reference One: 2404390362
Reference Two: 01600833
Payment Receipt Number : 3530928186

Note: This payment will appear on your credit card statement with the merchant reference `Australian Power & Gas`.

Kind Regards,

The team at Australian Power & Gas

Message includes an attached file named: Australian PowerGas_ReceiptDetails [string of numbers].zip
.zip file contained the payload "Details.pdf.exe".




Detailed Analysis
This email, which purports to be from energy company Australian Power & Gas, contains information about a supposed credit card transaction for an account payment. The message claims that users can open an attached file to read full details of the transaction.

However, the email is not from Australian Power & Gas and the attached file does not contain a transaction record as claimed. The attachment actually consists of a .zip file that contains malware. Unzipping the attached file reveals a malicious .exe file. In an effort to fool people into believing that the file is a harmless PDF, it has been given the double extension .pdf.exe. If users open this .exe file, the malware will be installed. Typically, such malware can make contact with remote servers controlled by criminals, harvest sensitive information from the compromised computer and download further malware.

Australian Power & Gas has warned customers about the malicious emails via a post on its Facebook Page:

We are aware some customers and non-customers have received a fake email claiming to be from us, with a payment receipt and an attached zip file. These e-mails are NOT from Australian Power & Gas. We advise you NOT to open any attachment in those emails as they may contain a virus.

Please delete the email and be assured your personal account details have not been compromised.

If you receive one of these bogus emails, do not open any attachments or click any links that it may contain.

References

Australian Power and Gas - Facebook