Read that email bill again – it may just not be real

Yesterday I received an email from Origin Energy about my bill. It was a particularly boring email, nothing unusual and had the typical click here to pay button which I find is really handy when there is so much else that needs doing in the day.

Although the only real issue with this whole thing is that I’m not actually an Origin Energy customer.

I, along with our clients who we host email services for, are on a daily basis seeing new and inventive scam emails which are better utilising social engineering to blow holes in our mental armour and “get us” at a point in time we’re not expecting it and not entirely aware of what’s going on.

The biggest tip I give our clients is to ask them to forward the email on before doing anything and we’ll check it. We can then educate them on the markers to look out for on emails like that.

The closest I got to falling for a scam was when I received from a colleague I was expecting to hear from, a legit looking Google Drive “this file has been shared with you” email. Now I am however more vigilant, but had it not been for the scammers poor skills in a few particular areas, I would have given away my Google Drive logins to them.

So, when you’re receiving emails, here’s a few things to always check. Note that scammer approaches are changing all the time, so these tips may have a limited lifespan and are not going to protect you fully from anything:

1) From email address

Does their email match the company? In this the email address was noreply@originenergysolar.net, although it’s worth noting I didn’t immediately pick up on that as the email looked legit.

2) To email address

Did they put your email address in the “To” field or is it missing? Bulk scammers may BCC you, so your own name may not show up.

3) In line with the usual?

Is there anything unusual in the email? Compare it to past ones from this company or person.

4) Attachments in Word docs or zip files

Are attachments like bills in Word Docs or Zip files? Zip files are compressed files, so this can mask to antivirus filters the contents. If you get a bill with a zip, rar or other compressed file type attachment, it’s likely a scam.

Likewise, Word document scams usually involve you opening the Word doc, then being required to click the link inside the Word doc to view the bill. All of this is designed to evade detection by scanners along the way.

5) Clickable links

Where to the links go? You can put your mouse over a link to find out where it goes, without clicking on it. You can also hold down your finger on a link until it previews where you will be taken, on the iPhone, and on other computers sometimes you need to right click to see where it will go.

The links will often be a collection of legitimate + fake. In the case of my Origin Energy email, all the links pointed to their website, except the “View bill” button. This took me to a very long link which had “sharepoint” in the address. I am finding this regularly coming up so it’s a common method. I did not click on the link so that I could show you what the page looks like as I would prefer not to risk it.

Always visit the actual website directly when in doubt.

Constant vigilance is unfortunately a necessity these days. Go with your gut feelings and be careful please!