We are aware of scams SMS’s being sent to our customers, using AGL’s branding.

These SMS’s contain varying messages related to outstanding invoices and/or threat of disconnection, with an embedded link to follow.

Please DO NOT click the link in these SMS’s.

These SMS’s contain a fake AGL link, which if clicked can direct the customer to a website impersonating AGL.

Even if the SMS appears to be sent from AGL, these malicious actors can spoof the sender ID/Name of the text messages to make it appear legitimate. 

Our Cyber Security Team continues to take steps to contain these scams as they are identified or reported, however we ask that customers remain vigilant and do not click on these links.

If you have provided any payment details via the link in a scam SMS, we advise that you contact your banking institution immediately.

If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245, for assistance.

Please see below for a list of scam SMS’s that have been identified to date:

We have recently received reports of scam callers pretending to be from AGL. The phone scam is related to the Energy Bill Relief Fund announced by the Australian Government in partnership with the state and territory governments.

The scammers are attempting to obtain customers’ bank details under the false premise of depositing energy bill relief credits. AGL will not contact customers for this purpose – eligible customers will have their energy bill relief credit applied directly to their AGL energy bill. For more information about the Energy Bill Relief Fund please visit the Federal Government Energy Bill Relief website.

If you receive any calls like this, please do not provide any personal information, and disconnect from the call. If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245.

If you’ve lost money or shared your personal information with scammers you can report it to the Australian Cyber Security Centre via https://www.cyber.gov.au/acsc/report and your report will be referred to the appropriate police jurisdiction for assessment. If there’s been no loss of money or personal information you can report the scam to Scamwatch via https://www.scamwatch.gov.au/report-a-scam.

We are aware of an AGL branded scam email that is currently circulating, with the subject line “Refund need to be Issued for Duplicate Payment.”

Please refer to an example of the scam email below, and the scam indicators that can be found.

1. Grammatical & capitalisation errors in the email title; “Refund need to be Issued…”

2. The email address is originating from a non AGL domain name; “@harborps.org”

3. The email title, and email heading are inconsistent “Refund need to be Issued…” vs “Refund will be Issued…”

4. Inaccuracies and grammatical errors in the body of the email:

a) Here the email refers to filling out a form “above” however the link to the form is found below

b) The sentence “…so we can processed a refund” is grammatically incorrect

5. When hovering over “Refund Me” the embedded link information is visible, it can be seen that the URL does not relate to AGL. We can confirm that this URL leads the recipient to a website impersonating AGL and requests for payment information.

6. There are slight variations to the formatting of the content in the email body. It is always beneficial to look for inconsistencies in font type and sizing, when reviewing a potentially scam email.

Our Cyber Security Team continues to take steps to contain these scams as they are identified or reported, however we ask that customers remain vigilant, looking out for similar fraud indicators and not clicking on any suspicious links. 

If you have provided any payment details via the link in a scam email, we advise that you contact your banking institution immediately.

If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245, for assistance.

Scams can present in many ways. They may pretend to be from a reputable energy or telecommunications company, or affiliated third party, claiming you owe money for an outstanding gas, electricity, internet or mobile bill. They may ask you to make a payment over the phone, click on a link to view your account or make a payment. They may also threaten disconnection activity within 24 hours of contact.

We’ve seen scams that pretend to be from AGL to try gain your personal information by making false claims, such as ‘your energy bill is overdue and you need to share your credit card or bank account details to avoid being disconnected,’ or ‘you’ve been overcharged, and we need your credit card or bank account to refund you. ‘

How the scams work

• You receive communication that looks like it's from a reputable company claiming you owe them money.
• The communication may appear to come from a department such as the 'Accounts Receivable Team' or 'Accounts Payable'.
• The communication may contain the subject title 'Your AGL Bills Update ✔'.
• The communication may or may not be from your current energy or telecommunications provider.
• The communication may claim you've exceeded your energy or mobile usage limit and need to pay, or that you're eligible to use a discounted tariff if you click on the link.
• The communication may direct you to click on a link to view your account, pay your bill or download an attachment. Communications with links that when clicked may infect your device with malicious software and have your identity compromised.
• Request for payment that if paid via a malicious website means that you will lose your money and may have your credit card details stolen.
• You may be requested to make payments via irregular methods, such as through the purchase of gift cards, or iTunes vouchers.

Things we will never do

• Ask for your personal banking or financial details.
• Threaten disconnection within 24 hours of contact.
  
  

Phishing is a type of online scam where criminals send communications that appears to be from a legitimate company asking you to provide sensitive information or click on a link. Some phishing communications are easy to spot as fraudulent but others can be a bit more convincing.

See below for our tips on identifying suspicious text messages and emails.
 

The person sending these may try to obtain your personal details or get you to click on an unsafe link, trick you into making an expensive call or send back a text message. Any of these could result in loss of personal information or funds.

If you get a text message (SMS or MMS) that is unknown, unsolicited or you suspect to be fraudulent, we suggest:

• Don’t reply to the message, even to unsubscribe
• Don’t provide any personal details 
• Don’t click on any links 
• Don’t open any attachments 
• Don’t call any numbers associated with the message
• Don’t forward the message onto anyone
  
  

There is no single identifier, but here are some hints that will help you establish if an email is suspicious.

1. The message asks for personal information
   No matter how official an email might look, it's always a bad sign if the message asks for personal information. For example, your bank doesn't need you to send them your account number - they already know it. A company should never send an email asking for your password or credit card number.
2. The offer seems too good to be true
   If the offer seems too good to be true - it probably is.
3. You did not initiate the action
   For example, if you get an email saying you have won an AGL competition, but you never entered the competition, it is probably a scam.
4. Check whether the URL (e.g. link to website or email address) matches the name displayed
   If you hover your mouse over the link or email address and it is different to the address that you can see, the message is probably fraudulent or malicious. For example, if you hover over a display sender name like “AGL Energy” it should appear as “agl@energy.agl.com.au”, not something like “agl@123.com”.
5. Check whether the domain name is slightly different to what it should be e.g. aglenery.com
   Criminals who launch phishing campaigns often depend on people not checking a link before they click it, or not understanding how a domain name is structured.
6. You are asked to make an unusual or unnecessary payment
   A sign of a phishing email is if you are asked for money outside of regular billing, or where you do not have an owing balance.
7. The message contains poor spelling and grammar
   When a company sends out a message, it's usually reviewed for spelling, grammar and legality. If a message is filled with poor grammar or spelling mistakes, it probably did not come from them.
8. The message makes unrealistic threats
   If a message makes unrealistic threats, it is probably a scam. An example of a threat message is an email saying that your account will be cancelled within 24 hours if you don’t action something.
9. Something just does not look right
   If it looks off, it probably is.
    

Phone scams aim to deceive you. The person calling you may be trying to obtain your personal details or credit card details.

Things to look out for

• Phone calls that are out of the blue claiming to be an AGL representative with unrealistic threats.
• Sharing personal information with unknown or unsolicited callers.

For more information, visit the Australian Communications and Media Authority's page on phone scams.

Protect your computer and other devices by keeping your software current and installing anti-virus software to help keep the criminals away.

• To help keep yourself safe, make sure your software, apps and operating systems are updated, especially after a security issue has been identified.
• The updates are released because software vendors are always adjusting their code to keep ahead of the criminals.
• Software updates are a crucial step in keeping your information private.
• Selecting strong passwords and PINs.

Anti-virus software will help identify and protect your devices against most viruses, worms, Trojan horses, and other unwanted invaders that make your computer "sick". The invaders perform malicious acts, such as deleting files, accessing personal data or using your device to attack another device.

Do your research on a reputable anti-virus software and install it on your devices to help stay protected.

For resources on how to protect your information visit the Australian Cyber Security Centre.

Please change your password immediately. Follow these steps to change it.

If you use the same password for other accounts on different websites, we suggest you change those as well.

Visit the Responding to suspected identity theft (agl.com.au) for signs of identity theft and steps to take back your identity.

Help us investigate suspicious text and emails:

• Report a suspicious text by taking a screenshot of the text and sending it to spam@agl.com.au noting the time, date and phone number.
• Report a suspicious email by:     

1. Opening a new email in your email browser.
2. Dragging the suspicious email out of your inbox and drop it into the new email (it will become an attachment).
3. Address the new email to spam@agl.com.au with the subject ‘Spam’.
4. Delete the suspicious email from your inbox.

Once we receive your email, we will review and confirm whether it is a scam email. We will be in touch if we need any more information.

Remember if you want to confirm if a bill or communication is legitimate:

• You can get in touch using our support options to check if we've been trying to reach you. 
• You could also check on your account balance in My Account  or the  AGL app.
   

You can report all types of scams to Scamwatch that is run by the Australian Competition and Consumer Communication (ACCC). This will help increase awareness of the scam to help protect others and assist with investigations.