Recent cyberattacks affecting Australian businesses – including a cyber incident that resulted in unauthorised access to 323 of our customer accounts through our My Account portal – have highlighted the importance of continuing to improve the measures that help keep customer data safe and secure.
There was a cyber incident involving our My Account portal in September-October 2022. The incident resulted in the exposure of data for 323 residential and small business customers.
There is no evidence that the information of the 323 customers was transferred outside of our systems during the incident and no other EnergyAustralia systems were affected. All impacted customers were contacted.
Online account safety
The security of your billing and other information is important and we want to update you on what we’re doing to ensure your information is protected.
For all your online accounts, including EnergyAustralia’s My Account:
- Create a complex password with a mix of upper- and lower-case letters, special characters and numbers
- Don’t use a password that you’ve used before or that you use for other accounts
- Don’t share your password with anyone
Different organisations have different requirements for passwords, but most will require you to change them regularly and not re-use the same password for every account.
Other suggestions include using a passphrase made up of three or more random words combined with special characters, and using a reputable password manager app.
Don’t be caught by a ‘phishing’ (or ‘smishing’ or ‘vishing’) scam
A 'phish' is a disguised email that tries to lure you into doing something you shouldn't do, like entering your password into a fake website or downloading malicious software.
By clicking on links in such an email, you may inadvertently allow a cyber-criminal to get into accounts and steal money or intellectual property, copy or encrypt data, or disrupt technology systems.
Smishing is a form of phishing, occurring via SMS texts. Vishing is also a form of phishing, through voice calls over the phone.
Phishing that is targeted at specific individuals is known as 'spear phishing'. In these cases, cyber-criminals research their target and tailor the message to match their situation.
Fake EnergyAustralia emails
At first glance, fake EnergyAustralia emails might look convincing. They feature our company name, brand logo and colours, and even our ‘View bill’ icon which will be familiar to our customers who receive eBills.
Senders of such scam emails are hoping you’ll click on the ‘View bill’ icon, as the web link that sits behind it is malicious and designed to convince you to enter confidential information, such as your password or banking details.
How to tell if it’s a scam
Take a look at the sender’s email address. Our electronic bills to customers are always sent from firstname.lastname@example.org.
If you get an email claiming to be one of our eBills from any address other than the one above, don’t open it or click any of its links or icons. There may also be other details that point to it being a fake email, such as poor spelling, a generic addressee where it would usually be personalised, or a sense of threat or urgency.
What to do
Whether you’re one of our customers or not, if you receive a fake EnergyAustralia email please report it to us by forwarding the email to email@example.com. Don’t forward it to anyone else. Once you’ve sent the hoax email to us, delete it straight away, then empty your Deleted Items folder.
Report scam activity to ACCC Scamwatch
Scam activity can also be reported to the Australian Competition and Consumer Commission (ACCC) using this form. Your report helps them warn the community about the latest scams.
If you’re ever concerned you may have inadvertently provided credit card or banking details to an email scammer, tell your bank or financial institution straight away.
Clearly, scam activity is becoming more inventive and sophisticated. We’ll continue to report scams and other suspicious activity to the relevant authorities to help keep our customers safe and we really appreciate your support in helping us do this.
Find out more about online security and get some more good tips about email hoaxes, how to protect yourself online and what to do if you accidentally open a malicious link or attachment.