How we protect your information
The security of your account and personal information is important and our security measures are regularly reviewed and updated. However, as we’ve seen, everyone needs to be vigilant and remain alert and up to date, as scammers become more sophisticated and cyberattacks more regular. Read below for more information.
We have updated our security measures to improve the security and strength of your password.
- For My Account, create a password that’s a mix of upper- and lower-case letters, special characters and numbers.
- Don’t use a password that you’ve used before or that you use for other accounts.
- Don’t share your password with anyone.
Your account will be locked if an invalid password is entered more than five times.
Follow our forgotten password process if you have forgotten your password.
Note: You can access our EnergyAustralia app using the same My Account login details.
The change follows a cyber incident involving My Account in September-October 2022. The incident resulted in the exposure of data for 323 residential and small business customers.
There is no evidence that the information of the 323 customers was transferred outside of our systems during the incident and no other EnergyAustralia systems were affected. All impacted customers were contacted.
Access to My Account is encrypted using Secure Sockets Layer (SSL) encryption technology. SSL is an internet security protocol that provides an encrypted tunnel between your computer and the site you’re viewing. This tunnel lets you access and transmit sensitive information securely. This helps prevent others intercepting the data being sent between your computer and the site.
To confirm you’re on a secure or encrypted website, you should see that the “http” in the address line is replaced with “https” and there is a small padlock in the address line before the URL or in the status bar at the bottom of the browser window (depending on which browser and version you are using).
You can double-click on the padlock to view the digital certificate details.
Some tips to help you protect your personal details online.
1. Secure your computer or mobile device
- Install reputable security software to protect your computer, tablet or smartphone from malware, viruses and spyware.
- Set your operating system and security software to update automatically.
- Turn on your pop-up blocker (note: you will need to turn the pop-up blocker off to view your bills in your EnergyAustralia My Account).
2. Protect your online accounts
- Use strong passwords for all your online accounts. We recommend a minimum of 12 characters and a mix of upper- and lower-case letters, numbers, and special characters.
- Use a reputable password manager app.
- A useful suggestion is to use a passphrase made up of three or more random words combined with special characters.
- Use different passwords for different activities and change them regularly.
- Select ‘no’ when your computer or mobile offers to automatically remember your login ID or password for websites or applications.
- Make sure you log out of My Account when you’ve finished using it. Then others can’t view your account and personal details if the computer is unattended. Do this for all your online accounts.
A 'phish' is a disguised email that tries to lure you into doing something you shouldn't do, like entering your password into a fake website or downloading malicious software.
Clicking on links may inadvertently allow a cyber-criminal to get into accounts and steal money or intellectual property, copy or encrypt data, or disrupt technology systems.
Smishing is a form of phishing, occurring via SMS texts. Vishing is also a form of phishing, through voice calls over the phone.
Phishing that is targeted at specific individuals is known as 'spear phishing'. In these cases, cyber-criminals research their target and tailor the message to match their situation.
To avoid being phished, smished or vished:
- Don’t open emails or attachments, or click on links in text messages (SMS), if you don’t know the sender or if you’re not expecting the communication. If you don’t know who sent you the email or SMS, delete it.
- You can check an email by looking closely at the sender's email address, previewing it in a window, or hovering over the URL to see if it looks strange.
- Scan email attachments for malware and viruses before opening them.
- Don’t automatically trust an SMS that looks like it’s from a familiar number, as this can be secretly used as a ‘mask’ by scammers.
- Don’t give out your personal details unless you’re confident the recipient is a trusted party.
- Confirm the legitimacy of a website, phone call or SMS before you make online payments, download files, or provide personal information.
- Question and verify requests to provide, update, validate or confirm your personal or account information in an unexpected way, even if it looks like it’s from your bank or an organisation you know and trust. If in doubt, contact the organisation.
- Only download software and files from reputable websites you trust.
- Don’t use public computers or Wi-Fi hotspots to access or provide personal information.
Scams come in many forms – email, mail, phone and online. If you think you’ve received a scam or hoax email, SMS or phone call, don’t:
- Click on any links
- Open attachments
- Provide the information requested
If you click on a link or open an attachment by accident, run a full security scan of your computer using reputable security software.
It’s important to report scams as soon as possible to let the appropriate organisation investigate the scam and help prevent others being affected.
To report a scam to EnergyAustralia:
- Send the hoax email or scam details to firstname.lastname@example.org. Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else.
- Once you’ve sent the hoax email to email@example.com, delete it from your inbox immediately. Then empty your Deleted Items folder.
Note: We can’t respond directly to individual emails. You’ll receive an automated reply as a confirmation that we’ve received your email and are acting upon it.
If you believe your account or personal details have been compromised, contact us immediately on 1800 171 397.
Check the SCAMwatch website scamwatch.gov.au for examples of recent scams or hoaxes you should be aware of. You can also subscribe to receive regular updates on the latest scams.
Report all non-EnergyAustralia related scams to the Australian Competition and Consumer Commission (ACCC) on the SCAMwatch website at scamwatch.gov.au or a state or territory fair trading authority. If you think you’ve provided your bank account details to a scammer, contact your bank or financial institution immediately.