Massive utility scam campaign spreads via online ads


For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away.

Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they can.

This scam has been going on for years and usually starts with an unexpected phone call and, in some cases, a visit to your door. Obviously the phone call side of the scam is much more scalable and means the scam can be done from overseas.

However, criminals know that victims are more likely to be tricked if they were the ones who initiated the call. In a recent investigation, we discovered a prolific campaign of fraudulent ads shown to users via Google searches. To give an idea of scale, the number of ads we found exceeds what we have found in previous malvertising cases.

This blog post has two purposes: the first one is to draw awareness to this problem by showing how it works. Secondly, we’ve collected and shared as many ads and fake sites as we could in the hope that action will be taken, with hopefully some cost for the scammers.

Fraudulent utility scam ads

The scam begins when a user searches for keywords related to their energy bill. The ads are shown to mobile devices only, which makes sense given how often people use their phones. Also, the ads are geolocated, so that they are relevant to the user’s location.

We found 28 advertisers with over 300 ads, most of them registered by individuals from Pakistan. We have also seen legitimate but hacked advertiser accounts belonging to US entities that were abused. We didn’t investigate further into the whereabouts and identities of the scammers, but we should note that Pakistan is a possible location.

In most cases, tapping on the ad will not open a new website, but instead will prompt you to dial a phone number. This is exactly what the crooks want as many people will have no idea that an ad approved by Google could possibly be fraudulent.

The utility scam often works by threatening and scaring victims into making poor decisions. An unpaid bill, or an offer that is too good to be true and must be accepted immediately are some of their tactics. Once you’ve made that phone call, you’re already in their hands and very close to losing a significant amount of money.

The scammers may even redirect you to their website to “prove” that they are legitimate. Those sites are often credible enough for a victim to feel like they are doing the right thing, but that couldn’t be further from the truth.

Large scamming infrastructure

The crooks have registered dozens of different domains names and built templates that appear related to energy or utility savings. The sites are quite simple and consist of one main page with some customer-centric text and one or multiple phone numbers.

We can usually deduce they are fraudulent by looking up their registration date as well as connecting them with search ads.

However, that might not be enough to have them suspended without going through the whole process of calling the scammers, recording the interaction and showing that evidence. This type of investigation requires time and resources to be done properly. Perhaps one of the many scambaiters out there will look into it in the future.

In the meantime, we have tracked and reported as many domains as we could to the relevant registrars in the hope that some may take action and suspend them.

Keep your identity and money safe from scammers

This scam is widespread, and so our advice right now is to avoid clicking on any ad from search as the malicious ads largely outnumber the legitimate ones. You can tell it’s an ad as it will be labelled “Sponsored” or “Ad”.

Here are some additional tips:

  • Watch out for a sense of urgency. Scammers will often threaten to cut your power immediately. This and similar scare tactics are meant to pressure you into making hasty decisions. Take the time to look things up or speak to a friend before you do anything.
  • Never disclose personal details over the phone without being absolutely certain you are talking to the right person. If in doubt, hang up the phone and look for the official phone number from your energy company, perhaps from a past bill. Do not trust any phone number that appears on an online ad.
  • Beware requests for money transfers or prepaid cards. These are a huge sign you are dealing with criminals. Again, take your time to think it over even if just for a few hours. Scammers tend to be so impatient they will make all sorts of claims to act right now, which should be a dead giveaway.
  • Contact your bank immediately if you think you’ve been scammed and wired money,. Change all your passwords and add a notice with your utility company that someone may attempt to impersonate you.
  • Report the scam to the proper authorities, which may be the FTC.

Malwarebytes protection

Malwarebytes is working with its partners to go after these scammers. We also provide protection if you are using our iOS app via the ad blocking feature which will disable search ads and other ads that may be targeting you.

Indicators of Compromise

Google advertiser accounts

Phone numbers

888[-]960[-]3984
888[-]315[-]9188
888[-]715[-]1808
888[-]873[-]0295
888[-]317[-]0580
888[-]316[-]0466
888[-]983[-]0288
888[-]439[-]0639
888[-]312[-]2983
844[-]967[-]9649
855[-]200[-]3417
888[-]842[-]0793
888[-]207[-]3713
833[-]435[-]0029
888[-]494[-]4956

888[-]928[-]6404
888[-]374[-]1693
888[-]834[-]1050
888[-]497[-]3560
888[-]960[-]2303
888[-]430[-]0128
800[-]353[-]5613
888[-]407[-]1004
855[-]216[-]2411
844[-]679[-]7635
888[-]483[-]2851
888[-]657[-]2401
888[-]580[-]0106
888[-]326[-]7299
888[-]870[-]2661

888[-]203[-]1692
855[-]428[-]7345
888[-]641[-]0108
888[-]960[-]0688
888[-]347[-]7462
888[-]448[-]0550
888[-]834[-]0998
888[-]470[-]8496
888[-]554[-]0461
855[-]980[-]1080
888[-]539[-]0722
866[-]685[-]0355
888[-]715[-]1806
888[-]960[-]2550
888[-]641[-]0096
888[-]996[-]5133

Scammer domains

360billingservices[.]com
aadigital[.]online
citrexsolutions[.]co
digitelcare[.]com
eco-designs[.]store
economical-deals[.]co
electricenergybundle[.]com
electricenergyservice[.]com
electricpowerdeal[.]com
energpaybill[.]com

energybilling[.]net
energybillservice[.]online
energycredits[.]online
energyhelpcenter[.]com
energypayment[.]shop
energypoweroffer[.]com
globalenergysolutionz[.]com
homeutilityservices[.]com
makeabillpayment[.]com
paysenergy[.]online

powerelectricoffers[.]com
qasmic[.]com
rebornsolutions[.]co
telecombilling[.]us
telecomcredits[.]us
thepowerpayllc[.]org
uenergyproviders[.]store
utilitybillsolution[.]site
utilitybillspayments[.]org
utilitydiscounts[.]store
utilityservices[.]us


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.



Source link