Another massive AGL paperless invoice scam email doing the rounds this week

ousands of fake AGL emails have been delivered to unsuspecting email users this week. Although the AGL brand has been used many times recently by cyber criminals, this one in particular

is the same as the most recent phishing run

 MailGuard reported and blocked last month.

Although these email scams appear similar to the recipients, they actually differ each time in an effort to avoid detection by anti-virus and anti-spam software (i.e. the landing page URL has changed in this instance). MailGuard blocked 100% of the fake AGL phishing emails this week.

The email purports to originate from AGL, but actually originates from a compromised web host.

Here is a sample of the phishing email currently circulating:

By clicking ‘Get Statement’, the recipient is directed to a fake landing page with the legitimate AGL branding. The Captcha code on the site actually works, however the number typically does not differ from person to person, so is only designed to instill a fake sense of security before downloading the supposed statement.

Clicking ‘Download’ commencing downloading of a malware package in a .zip file containing a dropper, which installs ransomware onto the user’s device.

Why is Ransomware dangerous?

When Ransomware files are executed by the email recipient or web user, the malware actually encrypts files on both the local device and possibly the entire network. The user or business may then be held to ransom, with a Bitcoin fee usually demanded in return for the decryption key for the files.

The only other option is for the business to stay offline and recover previous backups to get back online. Many users are left with no choice other than to pay the ransom, which can be for tens of thousands of dollars.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

• Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
• Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including multiple grammatical errors)
• Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate

If unsure, do not click links or download files contained within the email and contact the purported sender directly to verify the authenticity of the email.

AGL also share tips on how phishing and hoax emails operate on their website.