AGL Scam Carrying Crypto Ransomware Torrentlocker Hits Aus Inboxes

AGL Energy (AGL) is warning people of an AGL branded email scam which contains malicious malware that has potential to access personal information.

The scam presents as an e-Account and asks readers to click on a link.

AGL advises it will never send an email asking for personal banking or financial details.

AGL has reported the scam to numerous authorities including ScamWatch, the ACCC and the AFP.

Anyone who receives a suspicious email should delete it immediately, or if opened, not click on any links.

[dt_fancy_separator separator_style=”dashed”]

Here is a sample of the AGL email which has many variations:

AGL electricity account example

The scam email appears to be from AGL, advising the recipient of their current bill. The email is personalised for each recipient and provides a link for the recipient to view their electricity bill online.

Here is a sample of the first page recipients are directed to:

AGL captcha code

The landing page asks the user to enter in a ‘Captcha’ code. Once completed, the page downloads a .zip file containing a Javascript dropper. The dropper when executed then downloads Torrentlocker from a remote location.

AGL download example
[dt_fancy_separator separator_style=”dashed”]
[dt_vc_list style=”2″ dividers=”false”]

How can I protect myself from email scams?

To reduce the risk, you should be suspicious of and immediately delete any email that:

  • Instructs you to download a file or click on a link to access your account or other information
  • Is purporting to be from a business you know and trust, yet the language is not consistent with the way they usually write (and may contain multiple grammatical errors)
  • Asks you to click on a link to access their website. If unsure call the company directly to confirm whether the email is legitimate


If unsure, do not click links or download files contained within the email and contact the purported sender directly to verify the authenticity of the email. Furthermore ensure that you keep your IT department ( or 1300 033 300) aware that you have been receiving these emails to ensure the problem is adequately addressed.