Customer security: Scams, fraud and online safety
Get the latest scam alerts, report suspicious activity and learn how to stay safe online.
On this page
- Recognising how online scams work Jump to Recognising how online scams work
- Phishing Jump to Phishing
- Protecting your information Jump to Protecting your information
- Two-factor authentication Jump to: Two-factor authentication
- Identify and report suspicious communications Jump to: Identify and report suspicious activity
- Recent scams, fraud and phishing alerts Jump to Recent scams, fraud and phishing alerts
Security and privacy at AGL
We work hard to make AGL safe and secure. Reports of fraudulent AGL websites, scams, fake alerts, phishing or hoax SMS and emails are carefully monitored. We have introduced measures to keep your account secure, such as mandatory two-factor authentication (2FA) for internet and mobile customers.
We maintain a cyber tool set that is supported by industry leading providers, and actively monitor the ever-evolving threat landscape.
Recognising scams
What scams may look like
Scams can present in many ways. Look out for calls, messages or emails that:
- Appear they're from a reputable company claiming you owe them money.
- Appear to be from a reputable utility company or affiliated third party.
- Appear to come from a department such as the 'Accounts Receivable Team' or 'Accounts Payable'.
- May or may not be from your current energy or telecommunications provider.
- May contain the subject title 'Your AGL Bills Update ✔'.
What scams might ask you to do
- Scams may ask you to make a payment at an unusual time or via a different method. Look out for calls, messages or emails that:
- Claim you've exceeded your energy or mobile usage limit and need to pay, or that you're eligible to use a discounted tariff if you click on the link.
- Direct you to click on a link to view your account, pay your bill or download an attachment. Communications with links that when clicked may infect your device with malicious software and have your identity compromised.
- Request for payment that if paid via a malicious website means that you will lose your money and may have your credit card details stolen.
- May request you to make payments via irregular methods, such as through the purchase of gift cards, or iTunes vouchers.
Things we’ll never do
- Ask for your personal banking or financial details.
- Threaten disconnection within 24 hours of contact.
- Ask you to provide your one-time code except on occasions when you call us.
Phishing
Phishing is a type of online scam where criminals send communications that appear to be from a legitimate company asking you to provide sensitive information or click on a link. Some phishing communications are easy to spot as fraudulent, but others can be a bit more convincing.
Stay safe from scams and phishing
Unfortunately, there's no way to eliminate scammers from sending you emails or text messages, or even calling you on your phone, so it's important to be alert to the signs.
If in doubt, don't open links or action anything. Instead:
ignore it (delete the email/SMS or hang up if it’s a phone call)
check your details in My Account or the AGL app
get in touch with AGL via our support options to check if we've been trying to reach you.
Protecting your information online
Protect your computer and other devices by keeping your software current and installing anti-virus software. Software updates are released because software vendors are always adjusting their code to keep ahead of the criminals.
To help keep yourself safe:
make sure your software, apps and operating systems are updated, especially after a security issue has been identified.
select strong passwords and PINs.
do your research on a reputable anti-virus software and install it on your devices to help stay protected.
Anti-virus software will help identify and protect your devices against most viruses, worms, Trojan horses, and other unwanted invaders that make your computer "sick". The invaders perform malicious acts, such as deleting files, accessing personal data or using your device to attack another device.
For resources on how to protect your information visit the Australian Cyber Security Centre.
Added security with 2FA
Two-factor authentication (2FA) makes your account safer by asking for your password plus a code only you can access, every time you log in. Learn more.
Set up or deactivate 2FA
In the AGL app
- Go to the Account tab and select Settings.
- Select Profile Details.
- Select Set Up Two-Factor Authentication to activate or deactivate 2FA.
In My Account
- Log in to My Account with your registered email address.
- If you have multiple properties, select a property.
- Select your name in the top right corner, then Profile.
- Under Sign in & Security, find Two-factor authentication, then select Edit.
- Confirm your email address and mobile number and then enable 2FA.
Note: 2FA is set up on your login account and will apply to all properties linked to your account.
Update contact information
It’s important we have the correct contact details for you, so that we can enable 2FA and better protect your account. You can update your contact details in My Account or the AGL app.
Learn how to update your email address, mobile number, mailing address, or password.
Online child safety
Protecting children when they’re online
When using the internet, children can access undesirable or harmful content just as easily as useful content.
Developing good online safety habits and adult supervision can help to minimise children’s exposure to harmful online content.
For tips on good online safety habits check out the eSafety Commissioner’s Online safety basics.
Family Friendly Filters
Filters are computer programs that allow the user to control or restrict access to online content.
Communications Alliance (Australia’s peak telecommunications industry association) has created a Family Friendly Filter program list to help you choose a filter for your family.
To qualify for inclusion in the Family Friendly Filter list, these filters are subjected to rigorous independent testing to ensure they meet specific criteria.
Additional online safety precautions
Smartphones and tablets
Find advice that can help you and your family stay safe and secure online:
If you’ve given out your My Account password
Please change your password immediately. Visit Login and passwords: set up and change.
If you use the same password for other accounts on different websites, we suggest you change those as well.
If you suspect you’re a victim of identity theft
Visit the Responding to suspected identity theft for signs of identity theft and steps to take back your identity.
Identify and report suspicious communications
You can report all types of scams to Scamwatch, which is run by the Australian Competition and Consumer Communication (ACCC). This will help increase awareness of the scam to help protect others and assist with investigations.
Report a scam
If you have received suspicious communication from AGL, please let us know by completing our Report a Scam form.
Our Fraud Management team will review your submission and contact you with the outcome of the investigation, if requested.
If you would prefer to speak with us directly, please call us on 131 245.
If you notice unusual activity on your AGL account:
- Please call us immediately on 131 245.
- Reset your AGL password via My Account or the AGL App.
- We also recommend that you set up 2FA to help keep your account secure.
The person sending these may try to obtain your personal details or get you to click on an unsafe link, trick you into making an expensive call or send back a text message. Any of these could result in loss of personal information or funds.
If you get a text message that is unknown, unsolicited or you suspect to be fraudulent, we suggest that you:
Don’t reply to the message, even to unsubscribe
Don’t provide any personal details
Don’t click on any links
Don’t open any attachments
Don’t call any numbers associated with the message
Don’t forward the message onto anyone
There’s no single identifier but here are some hints that will help you establish if an email is suspicious.
The message asks for personal information.
No matter how official an email might look, it's always a bad sign if the message asks for personal information. For example, your bank doesn't need you to send them your account number - they already know it. A company should never send an email asking for your password or credit card number.The offer seems too good to be true.
You didn't initiate the action.
For example, if you get an email saying you have won an AGL competition, but you never entered the competition.The URL (e.g. link to website or email address) doesn't match the name displayed.
If you hover your mouse over the link or email address and its different to the address that you can see, the message is probably fraudulent or malicious. For example, if you hover over a display sender name like “AGL Energy” it should appear as “agl@energy.agl.com.au”, not something like “agl@123.com”.The domain name is slightly different to what it should be e.g. aglenery.com.
Criminals who launch phishing campaigns often depend on people not checking a link before they click it, or not understanding how a domain name is structured.You’re asked to make an unusual or unnecessary payment.
A sign of a phishing email is if you’re asked for money outside of regular billing, or where you do not have an owing balance.The message contains poor spelling and grammar.
When a company sends out a message, it's usually reviewed for spelling, grammar and legality. If a message is filled with poor grammar or spelling mistakes, it probably did not come from them.The message makes unrealistic threats.
If a message makes unrealistic threats, it’s probably a scam. An example of a threat message is an email saying that your account will be cancelled within 24 hours if you don’t action something.Something just doesn't look right.
If it looks off, it probably is.
Phone scams aim to deceive you. The person calling you may be trying to obtain your personal details or credit card details.
Things to look out for;
Phone calls that are out of the blue claiming to be an AGL representative with unrealistic threats.
Being asked to share personal information with unknown or unsolicited callers.
For more information, visit the Australian Communications and Media Authority's page on phone scams.
Recent scams, fraud and phishing alerts
View the latest scams pretending to be AGL and learn what to do if you receive them.
We’re aware of an AGL branded scam email that is currently circulating, with the subject line “Your refund is available online”.
Please refer to an example of the scam email below:
Here are some scam indicators
The email address originates from a non AGL domain name.
The “Access Your Form” embedded link is not related to AGL. If you click on the phishing link it redirects you to what looks like an AGL branded login page, once you’ve entered your details it takes you to a page that prompts you to enter your credit or debit card details to claim the refund.
There are some grammatical errors e.g. Message us in the AGL.
Our Cybersecurity Team continues to take steps to contain these scams as they are identified or reported, however we ask that customers remain vigilant, look out for similar scam indicators and do not click on any suspicious links.
If you have provided any payment details via the link in a scam email, we advise that you contact your bank immediately and report it to Scamwatch. If you have provided personal information call IDCARE on 1800 595 160.
If you have entered your AGL username and password, we recommend you reset your password via My Account or the AGL App, and then enable two-factor authentication. If the same password was used for other services, we recommend you reset these as well. The customer is not required to report the scam to us, but you want to let us know please reach out to us.
If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245, for assistance.
We are aware of scam SMS’s being sent to our customers, using AGL’s branding.
These SMS’s contain varying messages related to outstanding invoices and/or threat of disconnection, with an embedded link to follow.
Please DO NOT click the link in these SMS’s.
These SMS’s contain a fake AGL link, which if clicked can direct the customer to a website impersonating AGL.
Even if the SMS appears to be sent from AGL, these malicious actors can spoof the sender ID/Name of the text messages to make it appear legitimate.
Our Cyber Security team continues to take steps to contain these scams as they are identified or reported, however we ask that customers remain vigilant and do not click on these links.
If you have provided any payment details via the link in a scam SMS, we advise that you contact your banking institution immediately.
If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245, for assistance.
Please see below for a list of scam SMS’s that have been identified to date:
April 2023 - SMS Scam Wording
“Your AGL account is abnormal and needs to be reactivated...”
March 2023 - SMS Scam Wording
“AGL reminder: You have not paid another energy bill, please visit...”
March 2023 - SMS Scam Wording
“AGL: Overdue final warning: You need to pay your energy bills, for details visit...”
February 2023 - SMS Scam Wording
“AGL your fee is overdue, to avoid penalty, please visit…” or;
“Your AGL Gas fee is overdue, To avoid penalty please visit…”
February 2023 - SMS Scam Wording
“to avoid being blacklisted. Please go to pay your bill” or;
“AGL: to avoid disconnect of your service, go to”
November 2022 - SMS Scam Wording
“your Agl account is marked as unpaid” or;
“AGL: Your electricity bill is in arrears”.
We have recently received reports of scam callers pretending to be from AGL. The phone scam is related to the Energy Bill Relief Fund announced by the Australian Government in partnership with the state and territory governments.
The scammers are attempting to obtain customers’ bank details under the false premise of depositing energy bill relief credits. AGL will not contact customers for this purpose – eligible customers will have their energy bill relief credit applied directly to their AGL energy bill. For more information about the Energy Bill Relief Fund please visit the Federal Government Energy Bill Relief website.
If you receive any calls like this, please do not provide any personal information, and disconnect from the call. If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245.
If you’ve lost money or shared your personal information with scammers you should contact your bank. You can also report it to the Australian Cyber Security Centre via https://www.cyber.gov.au/acsc/report and your report will be referred to the appropriate police jurisdiction for assessment. If there’s been no loss of money or personal information you can report the scam to Scamwatch via Report a scam.
We’re aware of an AGL branded scam email that is currently circulating, with the subject line “Refund need to be Issued for Duplicate Payment.”
Please refer to an example of the scam email below, and the scam indicators that can be found.
Grammatical & capitalisation errors in the email title;
“Refund need to be Issued…”
The email address is originating from a non AGL domain name;
“@harborps.org”
The email title, and email heading are inconsistent
“Refund need to be Issued…” vs “Refund will be Issued…”
Inaccuracies and grammatical errors in the body of the email:
a) Here the email refers to filling out a form “above” however the link to the form is found below
b) The sentence “…so we can processed a refund” is grammatically incorrect
When hovering over
“Refund Me” the embedded link information is visible, it can be seen that the URL does not relate to AGL. We can confirm that this URL leads the recipient to a website impersonating AGL and requests for payment information.
There are slight variations to the formatting of the content in the email body. It is always beneficial to look for inconsistencies in font type and sizing, when reviewing a potentially scam email.
Our Cyber Security Team continues to take steps to contain these scams as they are identified or reported, however we ask that customers remain vigilant, looking out for similar fraud indicators and not clicking on any suspicious links.
If you have provided any payment details via the link in a scam email, we advise that you contact your banking institution immediately.
If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245, for assistance.
Making a complaint
Australian internet users have a right to complain about harmful online content, illegal and restricted online content, and unsolicited electronic messages promoting that kind of content at http://esafety.gov.au.
If you have a complaint, you can contact the content provider, contact us, or contact the Office of the eSafety Commissioner and follow their complaints reporting process.
You can complain to both the content provider and the Office of the eSafety Commissioner, even if you’ve complained to the content provider and the complaint remains unresolved.
If you need to report any criminal activity, visit the Crime Stoppers website, or call them on 1800 333 000. Reports can be anonymous.
Useful links
For more information on how to protect yourself against fraud check out these sites:
For information about protecting yourself and your family and securing your device visit the Australian Cyber Security Centre.
For the latest information on how to recognise, avoid and report scams visit Scamwatch, which is run by the Australian Competition and Consumer Commission (ACCC).
