How we protect your information
The security of your account and personal information is important and our security measures are regularly reviewed and updated. However, as we’ve seen, everyone needs to be vigilant and remain alert and up to date, as scammers become more sophisticated and cyberattacks more frequent. Read below for more information.
We have the following security measures to keep your password strong and your access to My Account secure:
- For My Account, create a password that’s a minimum of 12 characters long.
- Don’t use any of your last 4 passwords.
- Don’t use a password that you use for other accounts.
Your account will be locked if an invalid password is entered more than five times.
My Account will automatically log you off after 10 minutes with no activity.
Access to My Account is encrypted using Secure Sockets Layer (SSL) encryption technology. SSL is an internet security protocol that provides an encrypted tunnel between your computer and the site you’re viewing. This tunnel lets you access and transmit sensitive information securely. This helps prevent others intercepting the data being sent between your computer and the site.
To confirm you’re on a secure or encrypted website, you should see that the “http” in the address line is replaced with “https” and there is a small padlock in the address line before the URL or in the status bar at the bottom of the browser window (depending on which browser and version you are using).
You can double-click on the padlock to view the digital certificate details.
Some tips to help you protect your personal details online.
1. Secure your computer or mobile device
- Install reputable security software to protect your computer, tablet or smartphone from malware, viruses and spyware.
- Set your operating system and security software to update automatically.
- Turn on your pop-up blocker (note: you will need to turn the pop-up blocker off to view your bills in your EnergyAustralia My Account).
2. Protect your online accounts
- Use strong passwords for all your online accounts. We recommend a minimum of 12 characters.
- Use a reputable password manager app.
- A useful suggestion is to use a passphrase made up of three or more random words combined with special characters.
- Use different passwords for different activities and change them regularly.
- Select ‘no’ when your computer or mobile offers to automatically remember your login ID or password for websites or applications.
- Make sure you log out of My Account when you’ve finished using it. Then others can’t view your account and personal details if the computer is unattended. Do this for all your online accounts.
A 'phish' is a disguised email that tries to lure you into doing something you shouldn't do, like entering your password into a fake website or downloading malicious software.
Clicking on links may inadvertently allow a cyber-criminal to get into accounts and steal money or intellectual property, copy or encrypt data, or disrupt technology systems.
Smishing is a form of phishing, occurring via SMS texts. Vishing is also a form of phishing, through voice calls over the phone.
Phishing that is targeted at specific individuals is known as 'spear phishing'. In these cases, cyber-criminals research their target and tailor the message to match their situation.
To avoid being phished, smished or vished:
- Don’t open emails or attachments, or click on links in text messages (SMS), if you don’t know the sender or if you’re not expecting the communication. If you don’t know who sent you the email or SMS, delete it.
- To check whether an email address might be fraudulent, examine the sender’s address carefully. If you suspect the address is different from what you would expect, or it looks like one or more letters have been subtly disguised, do not click or reply. Delete the email promptly.
- You can check where a URL address takes you by hovering over it with your mouse. If the address is very different from the expected address of the company, be wary about clicking on any links.
- Scan email attachments for malware and viruses before opening them.
- Don’t automatically trust an SMS that looks like it’s from a familiar number as this can be secretly used as a ‘mask’ by scammers.
- Don’t give out your personal details unless you’re confident the recipient is a trusted party.
- Be cautious. Before you download files, give personal information or make online payments, confirm that the website address belongs to who it says it does – make a phone call or check the address on a past bill. Take a few moments to be safe.
- Question and verify requests to provide, update, validate or confirm your personal or account information in an unexpected way, even if it looks like it’s from your bank or an organisation you know and trust. If in doubt, contact the organisation.
- Only download software and files from reputable websites you trust.
- Don’t use public computers or Wi-Fi hotspots to access or provide personal information.
Scams come in many forms – email, mail, phone and online. If you think you’ve received a scam or hoax email, SMS or phone call, don’t:
- Click on any links
- Open attachments
- Provide the information requested
If you click on a link or open an attachment by accident, run a full security scan of your computer using reputable security software.
It’s important to report scams as soon as possible to let the appropriate organisation investigate the scam and help prevent others being affected.
To report a scam to EnergyAustralia:
- Send the hoax email or scam details to staysafe@energyaustralia.com.au. Please send the hoax email as an attachment if possible. Don’t forward the hoax email to anyone else.
- Once you’ve sent the hoax email to staysafe@energyaustralia.com.au, delete it from your inbox immediately. Then empty your Deleted Items folder.
Note: We can’t respond directly to individual emails. You’ll receive an automated reply as a confirmation that we’ve received your email and are acting upon it.
If you believe your account or personal details have been compromised, contact us immediately on 133 466.
Check the SCAMwatch website scamwatch.gov.au for examples of recent scams or hoaxes you should be aware of. You can also subscribe to receive regular updates on the latest scams.
Report all non-EnergyAustralia related scams to the Australian Competition and Consumer Commission (ACCC) on the SCAMwatch website at scamwatch.gov.au or a state or territory fair trading authority. If you think you’ve provided your bank account details to a scammer, contact your bank or financial institution immediately.