
Combined Phishing/Ransomware Threat Infecting AGL Clients (& Anyone Else Not Paying Attention!)

Article By James Mills | Technology Consulting
The Government’s ‘Stay Smart Online’ service has issued an Alert this month to warn of a widespread threat infecting a large number of individuals & businesses due to its complexity, and the sophistication of the originating email.

The act of ‘phishing’ – masquerading as a trustworthy entity through an electronic communication in an attempt to gain information from, or access to, a user’s device – is not a new threat. However, these emails have traditionally been easy to spot as non-genuine by the usual red flags:

  • The sender’s email address domain doesn’t exactly match the true domain of the business being impersonated – e.g. amz.com.au instead of anz.com.au
  • Any attachments are contained within a ‘zip’ archive file – a trick used to bypass a large number of low-end anti-virus scanners
  • An extraordinary number of errors in spelling, grammar and punctuation.
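
The first two red flags above can be checked mechanically before a message reaches a user. The following is an added example, not part of the original article: the function names, the trusted-domain list (with example.com as a placeholder) and the sample message are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you genuinely deal with; example.com is a placeholder.
TRUSTED_DOMAINS = {"anz.com.au", "example.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_message, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    flags = []
    # Flag 1: sender domain is not trusted but is a near miss of one that is.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain and trusted and domain not in trusted:
        nearest = min(sorted(trusted), key=lambda good: edit_distance(domain, good))
        if edit_distance(domain, nearest) <= max_distance:
            flags.append(f"lookalike sender domain: {domain} resembles {nearest}")
    # Flag 2: any MIME part that is a zip archive, by file name or content type.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            flags.append(f"zip attachment: {name or 'unnamed'}")
    return flags

# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: "Billing" <accounts@amz.com.au>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/zip; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"

constructed placeholder body
--b1--
"""

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

A check like this only catches near-miss spellings of domains on the list, so it complements rather than replaces the manual questions a recipient should still ask.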

Disturbingly though, this new resurgence of targeted phishing attacks is far more sophisticated – well written, professional looking, and containing factual and current references such as: ‘…customers in financial hardship following recent storms and flooding should call us…’. The emails instil a misplaced sense of legitimacy by including AGL’s actual Customer Support Line.

Unfortunately, anyone who falls prey to the well-constructed email and clicks the link to get their ‘Paperless Invoice’ is then taken to a fake site mocked up to look like a legitimate AGL Customer Portal – which then proceeds to download and install a type of malware known as ‘ransomware’. Ransomware is a type of malicious software whose main purpose is to encrypt the entire device it is installed upon, using an encryption key known only to the program’s creator. Access to the device and all files stored on it is then only possible by either calling a number displayed on the device and paying the specified ‘Ransom’, or restoring from the last known good backup of the system & its files.

There is much debate about which is the best approach. It is in the best interests of the attacker to unlock your system if the ransom is paid – they don’t want word getting around that paying their ransom won’t help you get your files back – but paying obviously validates the business model and goes a little way towards ensuring these attacks continue to plague us. If, however, your last working backup is from quite some time ago (or worse – you don’t have one at all!), then it may be that paying the ransom is your only viable option and you are willing to take the risk of having them take your money and not provide the decryption key in return.

Obviously it goes without saying that all those receiving this email who are not AGL Customers would know to delete it immediately – but for those who are, there is a risk that this email could get through the standard ‘sniff test’. It is in those situations where standard safe email practices will always help: Did I request this email, or have I been advised to expect it? Are they asking for some sort of personal details or a payment? If I go to the sending organisation’s website by manually typing the address into a web browser, is there an alert about email scams currently doing the rounds professing to be from them?

By following regular safe browsing and email practices, you can reduce the chance that those backups, hopefully being taken regularly, might become your only chance of recovering your vital systems.

Should you fear you have been infected with this, or any other form of malware that may be jeopardising your financial data, please get in touch with our Innovations Team to discuss how they can assist.