Menu Search Hoax-Slayer

'Your Atmos Energy Bill is Available' Malware Email

Outline
Email purporting to be from US natural gas distributor Atmos Energy claims that the recipient's latest energy bill can be viewed on line by clicking a link.

Brief Analysis
The email is not from Atmos. Clicking links in the message opens a compromised website that harbours malware. If installed, this malware can connect the infected computer to a botnet and download further malware. If this email comes your way, do not click any links or open any attachments that it may contain.


Example

Subject: Your Atmos Energy Bill is Available online

Your latest Atmos Energy bill is now available to view online.

Click here to find out why natural gas is the best choice for clean and responsible energy use.

Account Number : 4516684602

Bill date: 01/02/2014

Current Charges: $39.90

Total Amount Due: $39.90

Payment Due Date: Due upon receipt

Past Due Date: 01/25/13

To view your most recent bill, please click here. You must log-in to your account or register for an online account to view your statement.

There are many options to pay your bill. Sign up for the Automatic Payment Plan to have your payment automatically deducted from your bank or credit card. Pay electronically online at the Account Center, visit an Authorized Payment Center or send a check by mail.

Our monthly bill inserts keep you current on natural gas safety information, energy-saving tips, regulatory updates and more. Click here to view the monthly inserts.

Atmos Energy appreciates your business.



Detailed Analysis
According to this email, which claims to be from US natural gas provider Atmos Energy, the recipient can view the latest Atmos energy bill by clicking a link.  The email also invites people to find out more about natural gas by clicking other links. The message includes a customer account number, current charges, and the date the supposed bill was issued.

However, the email is not from Atmos.


Clicking any of the links in the email will take users to a compromised website that harbours the Kuluoz malware. Once installed, Kuluoz can join the computer up to the Asprox botnet and download and install more malware components.

Atmos has published a notice on its website warning users about the scam emails. The warning notes that the emails are coming from an address that is not affiliated with Atmos Energy and uses fake account numbers.

If you receive this email, do not click any links or open any attachments that it contains.

Malware distributors and phishing scammers often use fake bill notification emails as a means of gaining victims. Be wary of any unsolicited email that claims that you can view a bill by clicking a link or opening an attached file.  

Of course, some service providers do send bill notifications via email, usually because a customer has explicitly chosen to receive email rather than paper bills. Thus, it is important that you carefully check that a bill notification email is really from your provider before clicking links or opening attached files.


Last updated: January 6, 2014
First published: January 6, 2014
By Brett M. Christensen
About Hoax-Slayer

References

Atmos Energy Bill themed emails lead to Asprox
Atmos Energy
Bogus Telstra 'Email Bill' Carries Malware
© Brett M.Christensen, 2014. All Rights Reserved.

Go to Desktop Version