We recently became aware of a small number of customers who may have inadvertently provided some account security information to an unauthorised third party attempting to gain access to their personal information through AGL’ s digital platform. We believe the third party has obtained these personal details externally and not through AGL.

We have taken several steps to secure our customers information, including blocking some suspicious IP addresses.

Any impacted AGL customers will be contacted to alert them of the issue and remind them that AGL will never call and ask for them to provide security information proactively. We’ve also recommended these customers closely monitor their financial accounts for suspicious activity and contact us if they have any concerns.

AGL will never call and ask our customers to identify themselves using a one-time code sent to you through an SMS or email. We will only ask customers for a one-time code including identity verification when you have contacted us as part of protecting your information.

If you are contacted asking to verify yourself through a one-time code or password, please do not provide any personal information. If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245.

AGL has recently received reports of scam callers, purporting to be from legitimate third party companies, affiliated with AGL. These scammers are offering to pay customer’s AGL energy bills for a discounted rate.

The scammers will engage the customer and offer to pay their AGL bill if the customer pays them the discounted bill amount in return. When the scammers make payment to AGL, the payment will either be dishonoured or disputed leaving the customer out of pocket to the scammers and the customer’s AGL bill unpaid.

We are aware that the scammers may request the customer to send across their energy bill to obtain the customers personal information, and they may also engage in conversation over the messaging app, WhatsApp. Please note that AGL, and its affiliated third parties, will never engage with customers via WhatsApp.

If you receive any calls like this, please do not provide any personal information, and disconnect from the call. If you wish to verify the legitimacy of any interaction related to AGL, please contact us directly on 131 245.

If you’ve lost money or shared your personal information with scammers you can report it to the Australian Cyber Security Centre via https://www.cyber.gov.au/acsc/report and your report will be referred to the appropriate police jurisdiction for assessment. If there’s been no loss of money or personal information you can report the scam to Scamwatch via https://www.scamwatch.gov.au/report-a-scam.

We're aware of a current employment scam offering working from home job opportunities with us. It appears to be targeting people outside Australia.

Individuals have recently been approached via fake AGL branded LinkedIn profiles offering job opportunities. These profiles sometimes use legitimate AGL employee names and photos. Fake AGL jobs have also been posted on an overseas job platform and interviews have been offered using platforms such as Skype.

Approved platforms used by AGL for recruitment

We only advertise employment opportunities on agl.com.au/careers and through these approved job platforms:

• SEEK
• LinkedIn
• FlexCareers
• WORK180
• Indeed
• Jora

How to confirm it's a legitimate employment opportunity

If you've been approached by someone who doesn't seem legitimate or you've seen an AGL job ad that appears strange:

Confirm the job is legitimate by searching for the job ad on agl.com.au/careers
If you are still unsure, please contact the AGL Recruitment team directly at recruitmentqueries@agl.com.au

We're aware of an unsolicited email in circulation pretending to be from us containing the subject title: “AGL electricity bill”

Identifying legitimate emails

All legitimate AGL electricity bills will:

• come from the sender address agl@energy.agl.com.au. Any other address may be a hoax email.
• include your supply address and account number in the email body. If it doesn't contain these details, it may be a hoax email.

Identifying a legitimate email

All legitimate AGL electricity bills will:

• come from the sender address agl@energy.agl.com.au. Any other addresses may be a hoax email.
• include your supply address and account number in the email body. If it doesn't contain these details, it may be a hoax email.

We're aware of hoax phone calls being made to customers claiming to be from us. These calls are advising customers that they must make a payment on their account or risk being disconnected within 30 minutes.

We take the security of your information very seriously. While we do contact customers to seek payment on overdue accounts, we'll never threaten disconnection within an unreasonable timeframe if a payment cannot be made.

If you're unsure if a phone call was from us, please:

• check your account balance in My Account or the AGL app
• talk to us about any call we may have made to you and any outstanding payments on your account. See support options below.

If you've provided your details over the phone and believe you may have been a victim of fraud, please contact your financial institution immediately. For more information about what to do if you think your personal details have landed in the wrong hands visit Scamwatch.

We're aware of an unsolicited email in circulation pretending to be from us containing the subject title: “Disconnection Notice”

How to identify whether you've received a legitimate or hoax email

All legitimate AGL disconnection notices will:

• come from the sender address agl@energy.agl.com.au. Any other addresses may be a hoax email.
• include your supply address and account number in the email body. If it doesn't contain these details, it may be a hoax email.

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information or click on a link. Some phishing messages are an obvious fraud, others can be a bit more convincing. So how do you tell the difference between a real message and a phishing message?

There is not one single technique but here are some hints.

1. The message contains a mismatched URL

One of the first things you should check is whether the URL (e.g. link to website or email address) actually matches the name displayed.

If you hover your mouse over the link or email address and it is different to the address that you can see, the message is probably fraudulent or malicious.

For example, if you hover over a display sender name like “Stay Smart Online” it should appear as StaySmartOnline@ag.gov.au, not something like StaySmartOnline123445656@123.com.

2. URLs contain a misleading domain name e.g. microsoft.com.maliciousdomain.com

Criminals who launch phishing campaigns often depend on people not checking a link before they click it, or not understanding how a domain name is structured.

For example a Microsoft webpage would always have microsoft.com at the end:

3. The message contains poor spelling and grammar

If a company sends out a message, it's usually reviewed for spelling, grammar and legality. So if a message is filled with poor grammar or spelling mistakes, it probably did not come from them.

4. The message asks for personal information

No matter how official an email might look, it's always a bad sign if the message asks for personal information. For example, your bank doesn't need you to send them your account number - they already know it. Also, a company should never send an email asking for your password or credit card number.

5. The offer seems too good to be true

If the offer seems too good to be true - it probably is. If you receive a message from someone unknown to you making big promises e.g. you have won tattslotto - when you did not buy a ticket - the message is probably a scam.

6. You did not initiate the action

For example, if you get an email saying you won a car but you never entered the competition, it is probably a scam.

7. You are asked to send money to cover expenses

A sign of a phishing email is that you are asked for money - even if it is not in the first email.

8. The message makes unrealistic threats

If a message makes unrealistic threats it is probably a scam. An example of a threat message is an email saying that if you do not submit a form with identification, your account will be cancelled and assets seized.

9. The message appears to be from an official source

Official sources do not use email as their first form of contact. It will most probably be a scam.

10. Something just does not look right

If it looks off, it probably is. This also applies to email messages. If you receive a message that seems suspicious, it's usually in your best interests to avoid acting on the message. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.

Protect your computer and other devices by keeping your software current and installing anti-virus software to keep the criminals away.

• The only way to keep yourself safe is to keep you software current, updating apps and operating systems as soon as updates are released - especially after a security issue has been identified.
• The updates are released because software vendors are always adjusting their code to keep ahead of the criminals.
• Software updates are a crucial step in keeping your private information private.
  And don’t forget to install anti-virus software on your devices.

Viruses, worms, Trojan horses, ransomware are just some of the intruders that anti-virus software will stop. Anti-virus software helps protect your computer against most viruses, worms, Trojan horses, and other unwanted invaders that can make your computer "sick".

The invaders perform malicious acts, such as deleting files, accessing personal data or using your computer to attack other computers.

To keep your devices healthy, install anti-virus software. Do some research on anti-virus software but some of the big names in Anti Virus software are Norton by Symantec and McAfee.

For resources on how to protect your information visit the Australian Cyber Security Centre.

There are scam emails and phone calls currently circulating that pretend to be from reputable energy companies.

Here are two examples of scams

1. They claim you owe money for an outstanding gas or electricity bill and ask you to make a payment over the phone or click on a link to view your account or make a payment. They may also threaten disconnection activity within 24 hours of contact.
2. They pretend to be from AGL and try to gain your personal information by falsely saying things like your energy bill is overdue and you need to share your credit card or bank account details to avoid being disconnected. Or, you’ve been overcharged and we need your credit card in order to refund you.

These are just two examples, but if you receive a phone call or email that’s similarly unusual or suspicious that asks for your financial information, please do two things:

• Ignore it
• Check on your account balance in My Account or the AGL app.
• Get in touch to check if we've been trying to reach you. See support options below.

If you’ve provided your details on a website, by email or over the phone and believe you may have been a victim of fraud, please contact your financial institution immediately.

How the scams work

• You receive an email that looks like it's from a reputable energy company claiming that you owe them money
• The email may appear to come from a department like the 'Accounts Receivable Team' or 'Accounts Payable'
• The email may contain the subject title 'Your AGL Bills Update ✔'
• The email may or may not be from your current energy provider
• The email may claim you've exceeded your energy usage limit and need to pay. Or, that you're eligible to use a discounted energy tariff if you click on the link.
• The email may direct you to click on a link to view your account, pay your bill or download an attachment
• If you click on the link, your computer may be infected with malicious software and your identity compromised
• If you pay the amount, you will lose your money and may have your credit card details stolen.

Things we will never do

• Send you emails asking for personal banking or financial details
• Threaten disconnection within 24 hours of contact

How to protect yourself

• If you receive a suspicious email for outstanding energy usage, delete it immediately
• If you're not sure it's a scam, contact your energy provider with the contact details from their website and not from the email
• Look out for tell tale signs of a scam email, including spelling mistakes and poor grammar
• Never click on the links from suspicious emails and delete them immediately

For more information visit Scamwatch.