Phishy calls and emails play on energy cost increase fears

Credit to Author: Christopher Boyd| Date: Sun, 07 Aug 2022 09:41:12 +0000

Gas and electricity price concerns are rife at the moment, with spiralling costs and bigger increases waiting down the line. Sadly this makes the subject valuable material for fraudsters, playing into people’s fears with a dash of social engineering to make them worse off than they were previously.

Warnings abound of several energy / cost of living-themed scams doing the rounds. Shall we take a look?

Identifiers of an attack

These attacks target individuals living in countries where oil or electricity prices are a concern. If you have an imminent set of price increases on the horizon, you may be a target. Phone calls, emails, whatever it takes to extract some cash. The UK is a particularly hot flashpoint for these fraud attempts at the moment.

The senders will typically claim to be from an organisation with authority. Maybe an energy watchdog, or a consumer rights group, or maybe an energy company.

Refunds, rebates, and discounts generally are the order of the day. There’s a number of schemes along these lines at the moment due to be rolled out, and you can expect fraudsters to ride on their coat tails.

Energy refund scam types

Fake rebates

This scam involves cold calling and a spin on the (genuine) rebate plan put together by the British Government. Fraudsters inform potential victims that they need to hand over bank details in order to qualify. Normally we’d say “this is not true”. However: There are some cases where people do hand over payment information. Local councils in the UK have reached out to many people pre-emptively to arrange rebate payments. Where the scammers have an angle is that lots of other residents have not been contacted.

In those cases, the onus is on the individual to reach out and apply. They can choose to have the rebate applied to their next local council bill, or have the money paid directly into their bank account. To do this, they need to hand over payment details. The caveat is that the person applying does this themselves, on their local council website. Nobody should be cold-calling asking for payment information.

Ofgem impersonators

Fraudsters are claiming to represent Ofgem, Britain’s independent energy regulator. They claim to be able to help you get a better energy deal and then ask for your payment details. These attacks come via text and email, and have been around for at least a month or so. Some of these also tap into the rebate scam, claiming to offer a “secure application” which is really just a phishing website.

Fake energy company refunds

This is a fairly common scam, just like fake tax refunds during tax season. They are definitely more relevant during the current energy crisis though. In this case, we’re talking fake refunds and a double-threat attack technique. The victim is lured in with emails offering a refund. Once the information is taken by the phishing website, the scammer calls the victim claiming to be working on behalf of their bank. The scammer goes on to highlight several types of fraud to be wary of, all the while trying to extract around $1,200 during the call.

How to avoid these threats

  • Any email or phone call asking for payment information is not going to be legitimate. You should also never be asked for login details for your online banking or other accounts from a cold-caller.
  • If you receive an unexpected call about energy prices or rebates, Insist on calling “them” back on their official number, taken from an official website, directly. If the caller objects to this, that’s an immediate red flag. A genuine caller would have no possible reason to object to this.
  • Bogus fake energy company websites are very popular and easy to set up. Visit the official website listed in official correspondence only, and pay close attention to URLs sent to you by text or email.

Stay safe out there!

The post Phishy calls and emails play on energy cost increase fears appeared first on Malwarebytes Labs.

https://blog.malwarebytes.com/feed/