Scams, hoaxes and online safety

Get the latest scam alerts, report suspicious emails and learn how to stay safe online.

We’re serious about security and privacy

We work hard to make AGL safe and secure. Unfortunately, there’s no way to eliminate spammers and scammers from sending you emails so it’s important to be alert to the signs.

Suspicious emails include scams, fake alerts, phishing and hoax emails. They typically claim that you owe money for an outstanding gas or electricity bill to try to get you to make a payment.

If you’re in doubt, don’t open these links – instead view your account details in My Account or the AGL app. Remember, we'll never email you to ask for your personal banking or financial details.

Recent scams, fraud and phishing alerts

We're aware of a current employment scam offering working from home job opportunities with us. It appears to be targeting people outside Australia.

Individuals have recently been approached via fake AGL branded LinkedIn profiles offering job opportunities. These profiles sometimes use legitimate AGL employee names and photos. Fake AGL jobs have also been posted on an overseas job platform and interviews have been offered using platforms such as Skype.

Approved platforms used by AGL for recruitment

We only advertise employment opportunities on agl.com.au/careers and through these approved job platforms:

How to confirm it's a legitimate employment opportunity

If you've been approached by someone who doesn't seem legitimate or you've seen an AGL job ad that appears strange:

Confirm the job is legitimate by searching for the job ad on agl.com.au/careers
If you are still unsure, please contact the AGL Recruitment team directly at recruitmentqueries@agl.com.au

We're aware of an unsolicited email in circulation pretending to be from us containing the subject title: “AGL electricity bill”

Example of hoax email with subject AGL electricity bill

Identifying legitimate emails

All legitimate AGL electricity bills will:

  • come from the sender address agl@energy.agl.com.au. Any other address may be a hoax email.
  • include your supply address and account number in the email body. If it doesn't contain these details, it may be a hoax email.
Example of unsolicited email with subject AGL electricity bill

Identifying a legitimate email

All legitimate AGL electricity bills will:

  • come from the sender address agl@energy.agl.com.au. Any other addresses may be a hoax email.
  • include your supply address and account number in the email body. If it doesn't contain these details, it may be a hoax email.

We're aware of hoax phone calls being made to customers claiming to be from us. These calls are advising customers that they must make a payment on their account or risk being disconnected within 30 minutes.

We take the security of your information very seriously. While we do contact customers to seek payment on overdue accounts, we'll never threaten disconnection within an unreasonable timeframe if a payment cannot be made.

If you're unsure if a phone call was from us, please:

If you've provided your details over the phone and believe you may have been a victim of fraud, please contact your financial institution immediately. For more information about what to do if you think your personal details have landed in the wrong hands visit Scamwatch.

We're aware of an unsolicited email in circulation pretending to be from us containing the subject title: “Disconnection Notice”

Example of hoax email with subject Disconnection notice

How to identify whether you've received a legitimate or hoax email

All legitimate AGL disconnection notices will:

  • come from the sender address agl@energy.agl.com.au. Any other addresses may be a hoax email.
  • include your supply address and account number in the email body. If it doesn't contain these details, it may be a hoax email.

Received a hoax email?

If you've received an email that mentions AGL and looks suspicious, there are things you can do to protect yourself. Above all, do not open attachments or links in an email you're not sure about.

To help us investigate it, we ask that you send us the suspicious email as an attachment to a new email (rather than forwarding it). You can also contact us directly if you want to confirm if a bill or communication is legitimate.

We take the security of your information very seriously. We'll never send emails asking you to confirm, update or disclose personal or banking information.

How to report a suspicious email

  1. Open a new email in your email browser
  2. Drag the suspicious email out of your inbox and drop it into the new email (it will become an attachment)
  3. Send it to spam@agl.com.au with the subject 'Spam'
  4. Delete the suspicious email

Once we receive your email, we'll review it, confirm if it is unsafe spam and get in touch if we need any more information.

What to do if you're a victim of fraud

If you've fallen victim to a scam involving financial loss, identity theft or had a password stolen visit the IDCARE website.

Information and resources

  • For information and resources to help you and your family stay safe from cyber security threats visit the Australian Cyber Security Centre
  • For the latest information on how to recognise, avoid and report scams visit Scamwatch
  • If you've fallen victim to a scam involving financial loss, identity theft or had a password stolen visit IDCARE

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information or click on a link. Some phishing messages are an obvious fraud, others can be a bit more convincing. So how do you tell the difference between a real message and a phishing message?

There is not one single technique but here are some hints.

1. The message contains a mismatched URL

One of the first things you should check is whether the URL (e.g. link to website or email address) actually matches the name displayed.

If you hover your mouse over the link or email address and it is different to the address that you can see, the message is probably fraudulent or malicious.

For example, if you hover over a display sender name like “Stay Smart Online” it should appear as StaySmartOnline@ag.gov.au, not something like StaySmartOnline123445656@123.com.

2. URLs contain a misleading domain name e.g. microsoft.com.maliciousdomain.com

Criminals who launch phishing campaigns often depend on people not checking a link before they click it, or not understanding how a domain name is structured.

For example a Microsoft webpage would always have microsoft.com at the end:

info.microsoft.com This could be OK
info.microsft.com.micosoft.com This is NOT OK (note the missing letters)

3. The message contains poor spelling and grammar

If a company sends out a message, it's usually reviewed for spelling, grammar and legality. So if a message is filled with poor grammar or spelling mistakes, it probably did not come from them.

4. The message asks for personal information

No matter how official an email might look, it's always a bad sign if the message asks for personal information. For example, your bank doesn't need you to send them your account number - they already know it. Also, a company should never send an email asking for your password or credit card number.

5. The offer seems too good to be true

If the offer seems too good to be true - it probably is. If you receive a message from someone unknown to you making big promises e.g. you have won tattslotto - when you did not buy a ticket - the message is probably a scam.

6. You did not initiate the action

For example, if you get an email saying you won a car but you never entered the competition, it is probably a scam.

7. You are asked to send money to cover expenses

A sign of a phishing email is that you are asked for money - even if it is not in the first email.

8. The message makes unrealistic threats

If a message makes unrealistic threats it is probably a scam. An example of a threat message is an email saying that if you do not submit a form with identification, your account will be cancelled and assets seized.

9. The message appears to be from an official source

Official sources do not use email as their first form of contact. It will most probably be a scam.

10. Something just does not look right

If it looks off, it probably is. This also applies to email messages. If you receive a message that seems suspicious, it's usually in your best interests to avoid acting on the message. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.

Protect your computer and other devices by keeping your software current and installing anti-virus software to keep the criminals away.

  • The only way to keep yourself safe is to keep you software current, updating apps and operating systems as soon as updates are released - especially after a security issue has been identified.
  • The updates are released because software vendors are always adjusting their code to keep ahead of the criminals.
  • Software updates are a crucial step in keeping your private information private.
    And don’t forget to install anti-virus software on your devices.

Viruses, worms, Trojan horses, ransomware are just some of the intruders that anti-virus software will stop. Anti-virus software helps protect your computer against most viruses, worms, Trojan horses, and other unwanted invaders that can make your computer "sick".

The invaders perform malicious acts, such as deleting files, accessing personal data or using your computer to attack other computers.

To keep your devices healthy, install anti-virus software. Do some research on anti-virus software but some of the big names in Anti Virus software are Norton by Symantec and McAfee.

For resources on how to protect your information visit the Australian Cyber Security Centre.

There are scam emails and phone calls currently circulating that pretend to be from reputable energy companies.

Here are two examples of scams

  1. They claim you owe money for an outstanding gas or electricity bill and ask you to make a payment over the phone or click on a link to view your account or make a payment. They may also threaten disconnection activity within 24 hours of contact.
  2. They pretend to be from AGL and try to gain your personal information by falsely saying things like your energy bill is overdue and you need to share your credit card or bank account details to avoid being disconnected. Or, you’ve been overcharged and we need your credit card in order to refund you.

These are just two examples, but if you receive a phone call or email that’s similarly unusual or suspicious that asks for your financial information, please do two things:

If you’ve provided your details on a website, by email or over the phone and believe you may have been a victim of fraud, please contact your financial institution immediately.

How the scams work

  • You receive an email that looks like it's from a reputable energy company claiming that you owe them money
  • The email may appear to come from a department like the 'Accounts Receivable Team' or 'Accounts Payable'
  • The email may contain the subject title 'Your AGL Bills Update ✔'
  • The email may or may not be from your current energy provider
  • The email may claim you've exceeded your energy usage limit and need to pay. Or, that you're eligible to use a discounted energy tariff if you click on the link.
  • The email may direct you to click on a link to view your account, pay your bill or download an attachment
  • If you click on the link, your computer may be infected with malicious software and your identity compromised
  • If you pay the amount, you will lose your money and may have your credit card details stolen.

Things we will never do

  • Send you emails asking for personal banking or financial details
  • Threaten disconnection within 24 hours of contact

How to protect yourself

  • If you receive a suspicious email for outstanding energy usage, delete it immediately
  • If you're not sure it's a scam, contact your energy provider with the contact details from their website and not from the email
  • Look out for tell tale signs of a scam email, including spelling mistakes and poor grammar
  • Never click on the links from suspicious emails and delete them immediately

For more information visit Scamwatch.


Need support?

Message

Leave a message and we'll get back to you. Launch the app or select the message button in My Account.

Leave a message
Chat

Chat with us online.

Call

Got time to talk?

Call 131 245
More ways to get support

For interpreter services, services for hearing and impaired customers or the number to call if you’re overseas, visit Contact us.