Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

'Energy Statement' Malware Email


Message purporting to be from the "Energy Billing System" claims that the receiver's latest energy bill is now available online and can be viewed by clicking a link.

Facebook phising
© maxkabakov

Brief Analysis

The email is not from any legitimate billing system and the link does not open an energy bill. Clicking the link opens a compromised website that contains malware. This malware may harvest personal information from the infected computer, connect the computer to a botnet, and download and install more malware.


From: Energy Billing System
Subject: Energy Statement

Your latest Energy bill is now available to view online.

Account Number : 0098112546
Bill date: 02/12/2014
Total Amount Due: $524.30

To view your most recent bill, please click here./a>You must log-in to your account
or register for an online account to view your statement.

There are many options to pay your bill. Sign up for the Automatic Payment Plan
to have your payment automatically deducted from your bank or credit card.
Pay electronically online at the Account Center, visit an Authorized Payment Center
or send a check by mail.

Our monthly bill inserts you energy-saving tips, regulatory updates and more.

To ensure timely receipt of your bill and other communications, copy this e-mail address
into your approved mailing list, so it is not blocked by your protection software.

Energy Statement Malware Email

Detailed Analysis

This email, which claims to be from the "Energy Billing System", informs recipients that their latest energy bill is now available online and invites them to click a link to view the bill. The email includes the total amount due and the bill date.

However, the email is not from any legitimate billing system and it does not contain information about a real energy bill. In fact, the email is designed to trick recipients into installing malware on their computers. The scammers responsible for the bogus email hope that at least a few people will think that the message is a genuine notification from their energy provider and click the link without due caution. Others may be panicked into clicking the link because they think that they have been sent an energy bill in error.

Unlike similar malware attacks, this email is deliberately generic. It does not name a particular company nor does it even identify what kind of energy the bill is supposedly for. This absence of identifying features means that busy or less observant recipients may simply assume that the email is from their own provider and follow the link.

Those who do follow the link will be taken to a compromised website that contains malware. If users are tricked into downloading and installing the malware, their computer may be joined up to a botnet. The malware may also download further malware components and harvest sensitive personal information from the infected computer.

There has been a series of malware attacks in recent months that use bogus bill notification emails as a means of tricking people into clicking links or opening attached files.

If you receive one of these emails, do not click any links or open any attachments that it contains.

Last updated: February 15, 2014
First published: February 15, 2014
Written by Brett M. Christensen
About Hoax-Slayer

'Your Atmos Energy Bill is Available' Malware Email
Vodafone 'Bill a Bit More Than Usual' Malware Emails