How we protect your information

We take the security of your account and personal information seriously. These are the security measures we use:

We have the following security measures to keep your password strong and your access to My Account secure:

  • My Account passwords must be 8-12 characters long and must contain at least one lowercase letter, one uppercase letter and one number.
  • Your account will be locked if an invalid password is entered more than five times.  
  • Our reset password process sends an email to the email address you registered with EnergyAustralia, with a link to reset your password.

My Account will stay logged in for 20 minutes with no activity. After that, My Account automatically logs you off.

Access to My Account is encrypted using Secure Sockets Layer (SSL) encryption technology. SSL is an internet security protocol that provides an encrypted tunnel between your computer and the site you’re viewing. This tunnel lets you access and transmit sensitive information securely. This helps prevent others intercepting the data being sent between your computer and the site.

You should see that the “http” in the address line is replaced with “https” and there is a small padlock in the address line before the URL or in the status bar at the bottom of the browser window (depending which browser and version you are using).


You can double-click on the padlock to view the digital certificate details:


These are some tips to help you protect your personal details online.

1. Secure your computer or mobile device

  • Install reputable security software to protect your computer, tablet or  smart phone from malware, viruses and spyware.
  • Set your operating system and security software to update automatically.
  • Turn on your pop-up blocker (you will need to turn the pop-blocker off to view your bills in My Account).

2.    Protect your online accounts

  • Use strong passwords for all your online accounts. We recommend a minimum of eight characters and a mix of upper and lower case letters  and numbers.
  • Use different passwords for different activities and change them regularly.
  • Select ‘no’ when your computer or mobile offers to automatically remember your login ID or password for websites or applications.
  • Make sure you log out of My Account when you’ve finished using it. Then others can’t view your account and personal details if the computer is unattended.

3.    How to stay smart online

  • Don’t open attachments or emails if you don’t know the sender or if you’re not expecting the email. If you don’t know who sent you the email, delete it.  
  • Scan email attachments for malware and viruses before opening them.
  • Be wary when asked to click on links and attachments in emails and on websites.
  • Don’t give out your personal details unless you’re confident the recipient is a trusted party.
  • Confirm the legitimacy of a website before you make online payments or provide personal information.
  • Question and verify requests to provide, update, validate or confirm your personal or account information in an unexpected way, even if it looks like it’s from your bank or an organisation you know and trust. If in doubt contact the organisation by phone.
  • Only download software and files from reputable websites you trust.
  • Don’t use public computers or Wi-Fi hotspots to access or provide personal information.

Scams come in many forms – email, mail, phone, online. If you think you’ve received a scam or hoax email, don’t:

  • Click on any links
  • Open attachments
  • Provide the information requested.

If you click on a link or open an attachment by accident, run a full security scan of your computer using reputable security software.  

It’s important to report scams as soon as possible to let the appropriate organisation investigate the scam and help prevent others being affected.

To report a scam to EnergyAustralia:

  • Send the hoax email or scam details to Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else.
  • Once you’ve sent the hoax email to, delete it from your inbox immediately. Then empty your Deleted Items folder.

Note:  We’re can’t respond directly to individual emails. You’ll receive an automated reply as a confirmation that we’ve received your email and are acting upon it.

If you believe your account or personal details have been compromised, contact us immediately on 1800 171 397.

Check the SCAMwatch website for examples of recent scams or hoaxes you should be aware of.

Report all non-EnergyAustralia related scams to the Australian Competition and Consumer Commission (ACCC) on the SCAMwatch website at or a state or territory fair trading authority.

If you think you’ve provided your bank account details to a scammer, contact your bank or financial institution immediately.