This fake EnergyAustralia invoice is a scam that can infect your computer, do not open
REALISTIC-LOOKING emails purporting to be from EnergyAustralia are sending fake invoices to customers, which could infect their computers.
CUSTOMERS are being warned to take extra care when paying power bills, with fake EnergyAustralia invoices currently hitting inboxes across the country.
Australian cyber security company MailGuard was the first to discover the scam, which has been spread in a large volume of malicious emails.
MailGuard chief executive Craig McDonald said the realistic-looking email masquerades as an invoice from the energy company.
“Appearing exactly like a real bill from EnergyAustralia, it tells people the invoice is due in the coming days,” he told news.com.au.
“The due date and amount owing are randomised so that each recipient gets a unique bill. This is a tactic by the cybercriminals to avoid detection.”
Mr McDonald said those who do not pick up on the suspicious sender address noreply@energyagent.net are exposed to a potentially dangerous payload when they click the “View bill” link, which downloads a .ZIP archive file containing a malicious JavaScript file.
The security expert said that while MailGuard has blocked thousands of variations of the email since Tuesday morning, traditional antivirus programs are less likely to flag the email as suspicious, because each one appears to be a single, individual message.
Earlier this month, EnergyAustralia had warned its customers to be wary of scam emails.
“If you have received this email, you can report it to EnergyAustralia by forwarding the email to staysafe@energyaustralia.com.au. Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else,” the website reads.
“Once you’ve sent the hoax email to staysafe@energyaustralia.com.au, delete it from your inbox immediately. Then empty your Deleted Items folder.”
TIPS ON HOW TO IDENTIFY A SCAM EMAIL
• Only click links from trusted senders. Take a closer look at any link by hovering your mouse over it and checking the destination shown in your browser. If it doesn’t match the sender, it is not legitimate.
• Never open an attachment that is a .zip file or .exe file unless you are expecting it. Files from unknown senders often contain some kind of malware or virus.
• Check who is sending you the email. Be aware that malware, phishing scams or spam may come from unrecognisable or odd email addresses; however, legitimate email addresses can also be forged easily.
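The three checks above can be automated. The script below is an added example, not code from the article or from MailGuard or EnergyAustralia: it parses a constructed message modelled on the scam (sender address taken from the article, the amount, date and link path invented), and flags an untrusted sender domain, a link whose target host is not the expected one, and attachments with risky extensions. The assumption that a genuine bill only comes from and links to energyaustralia.com.au is the author's, not the page's.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse
# Assumption: the only domain a genuine EnergyAustralia bill should come from or link to.
TRUSTED_DOMAINS = {"energyaustralia.com.au"}
RISKY_EXTENSIONS = (".zip", ".exe", ".js")

# Constructed sample modelled on the scam the article describes; not a real captured message.
SAMPLE_EMAIL = """\
From: EnergyAustralia <noreply@energyagent.net>
To: customer@example.com
Subject: Your EnergyAustralia bill is due
Content-Type: text/html; charset="utf-8"

<p>Your invoice of $312.55 is due on 14 March.</p>
<p><a href="http://energyagent.net/bill/7712">View bill</a></p>
"""

def is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def sender_domain(msg):
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def link_hosts(html):
    # Pair each link's visible text with the host it really points to (the "hover" check).
    pattern = r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>'
    return [(re.sub(r"<[^>]+>", "", text).strip(), urlparse(href).hostname or "")
            for href, text in re.findall(pattern, html, re.I | re.S)]

def assess(raw):
    # Returns a list of findings; an empty list means no check was tripped.
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    dom = sender_domain(msg)
    if not is_trusted(dom):
        findings.append(f"sender domain {dom!r} is not trusted")
    body = msg.get_body(preferencelist=("html", "plain"))
    for text, host in link_hosts(body.get_content() if body else ""):
        if not is_trusted(host):
            findings.append(f"link {text!r} points to untrusted host {host!r}")
    for part in msg.iter_attachments():  # attachment rule from the tips list
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"attachment {name!r} has a risky extension")
    return findings
```

Running `assess(SAMPLE_EMAIL)` reports both the untrusted sender domain and the “View bill” link pointing at energyagent.net; a mail gateway could apply the same rules before the message reaches an inbox.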