Keeping your information safe online

Cyber Security

Online account safety

The security of your billing and other information is important and we want to update you on what we’re doing to ensure your information is protected.

For all your online accounts including EnergyAustralia’s My Account, it’s important to:

  • Create a complex password with a mix of upper- and lower-case letters, special characters and numbers
  • Don’t use a password that you’ve used before or that you use for other accounts
  • Don’t share your password with anyone

Different organisations have different requirements for passwords, but most will require you to change them regularly and not re-use the same password for every account.

Other suggestions include using a passphrase made up of three or more random words combined with special characters, and using a reputable password manager app.

Don’t be caught by a ‘phishing’ (or ‘smishing’ or ‘vishing’) scam

A 'phish' is a disguised email that tries to lure you into doing something you shouldn't do, like entering your password into a fake website or downloading malicious software.

Clicking on links may inadvertently allow a cyber-criminal to get into accounts and steal money or intellectual property, copy or encrypt data, or disrupt technology systems.

Smishing is a form of phishing, occurring via SMS texts. Vishing is also a form of phishing, through voice calls over the phone.

Phishing that is targeted at specific individuals is known as 'spear phishing'. In these cases, cyber-criminals research their target and tailor the message to match their situation.

Fake EnergyAustralia emails

At first glance, fake EnergyAustralia emails might look convincing. They feature our company name, brand logo and colours, and even our ‘View bill’ icon which will be familiar to our customers who receive eBills.

Senders of such scam emails are hoping you’ll click on the ‘View bill’ icon, as the web link that sits behind it is malicious and designed to convince you to enter confidential information, such as your password or banking details.

How to tell if it’s a scam

Take a look at the sender’s email address. Our electronic bills to customers are always sent from

If you get an email from an address that’s anything other than the above claiming to be one of our eBills, don’t open it or click any of its links or icons. There may also be other details that point to it being a fake email, such as poor spelling, generic addressee when it’s usually personalised, or a sense of threat or urgency.

What to do

Whether you’re one of our customers or not, if you receive a fake EnergyAustralia email please report it to us by forwarding the email to Don’t forward it to anyone else. Once you’ve sent the hoax email to us, delete it straight away, then empty your Deleted Items folder.

Report scam activity to ACCC Scamwatch

Scam activity can also be reported to the Australian Competition and Consumer Commission (ACCC) using this form. Your report helps them warn the community about the latest scams.

If you’re ever concerned you may have inadvertently provided credit card or banking details to an email scammer, tell your bank or financial institution straight away.

Ongoing issue

Clearly, scam activity is becoming more inventive and sophisticated. We’ll continue to report scams and other suspicious activity to the relevant authorities to help keep our customers safe and we really appreciate your support in helping us do this.

Find out more about online security and get some more good tips about email hoaxes, how to protect yourself online and what to do if you accidentally open a malicious link or attachment.