Headline
Massive utility scam campaign spreads via online ads
Malwarebytes researchers have discovered a prolific campaign of fraudulent energy ads shown to users via Google searches.
For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away.
Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they can.
This scam has been going on for years and usually starts with an unexpected phone call and, in some cases, a visit to your door. Obviously the phone call side of the scam is much more scalable and means the scam can be done from overseas.
However, criminals know that victims are more likely to be tricked if they were the ones who initiated the call. In a recent investigation, we discovered a prolific campaign of fraudulent ads shown to users via Google searches. To give an idea of scale, the number of ads we found exceeds what we have found in previous malvertising cases.
This blog post has two purposes: the first one is to draw awareness to this problem by showing how it works. Secondly, we’ve collected and shared as many ads and fake sites as we could in the hope that action will be taken, with hopefully some cost for the scammers.
Fraudulent utility scam ads
The scam begins when a user searches for keywords related to their energy bill. The ads are shown to mobile devices only, which makes sense given how often people use their phones. Also, the ads are geolocated, so that they are relevant to the user’s location.
We found 28 advertisers with over 300 ads, most of them registered by individuals from Pakistan. We have also seen legitimate but hacked advertiser accounts belonging to US entities that were abused. We didn’t investigate further into the whereabouts and identities of the scammers, but we should note that Pakistan is a possible location.
In most cases, tapping on the ad will not open a new website, but instead will prompt you to dial a phone number. This is exactly what the crooks want as many people will have no idea that an ad approved by Google could possibly be fraudulent.
The utility scam often works by threatening and scaring victims into making poor decisions. An unpaid bill, or an offer that is too good to be true and must be accepted immediately are some of their tactics. Once you’ve made that phone call, you’re already in their hands and very close to losing a significant amount of money.
The scammers may even redirect you to their website to “prove” that they are legitimate. Those sites are often credible enough for a victim to feel like they are doing the right thing, but that couldn’t be further from the truth.
Large scamming infrastructure
The crooks have registered dozens of different domains names and built templates that appear related to energy or utility savings. The sites are quite simple and consist of one main page with some customer-centric text and one or multiple phone numbers.
We can usually deduce they are fraudulent by looking up their registration date as well as connecting them with search ads.
However, that might not be enough to have them suspended without going through the whole process of calling the scammers, recording the interaction and showing that evidence. This type of investigation requires time and resources to be done properly. Perhaps one of the many scambaiters out there will look into it in the future.
In the meantime, we have tracked and reported as many domains as we could to the relevant registrars in the hope that some may take action and suspend them.
Keep your identity and money safe from scammers
This scam is widespread, and so our advice right now is to avoid clicking on any ad from search as the malicious ads largely outnumber the legitimate ones. You can tell it’s an ad as it will be labelled “Sponsored” or “Ad”.
Here are some additional tips:
- Watch out for a sense of urgency. Scammers will often threaten to cut your power immediately. This and similar scare tactics are meant to pressure you into making hasty decisions. Take the time to look things up or speak to a friend before you do anything.
- Never disclose personal details over the phone without being absolutely certain you are talking to the right person. If in doubt, hang up the phone and look for the official phone number from your energy company, perhaps from a past bill. Do not trust any phone number that appears on an online ad.
- Beware requests for money transfers or prepaid cards. These are a huge sign you are dealing with criminals. Again, take your time to think it over even if just for a few hours. Scammers tend to be so impatient they will make all sorts of claims to act right now, which should be a dead giveaway.
- Contact your bank immediately if you think you’ve been scammed and wired money,. Change all your passwords and add a notice with your utility company that someone may attempt to impersonate you.
- Report the scam to the proper authorities, which may be the FTC.
Malwarebytes protection
Malwarebytes is working with its partners to go after these scammers. We also provide protection if you are using our iOS app via the ad blocking feature which will disable search ads and other ads that may be targeting you.
Indicators of Compromise
Google advertiser accounts
Advertiser name
Advertiser ID
Number of ads
Telesoft
N/A
1
Digitron
04170244641179828225
4
Syed muhammad Adnan
08157637715521699841
15
Progressix
02149758434478653441
2
Umair Jameel
11899369518209695745
1
Laiba Mazhar
14248337572488019969
1
Syed Shahmeer Hussain
12265272419404480513
6
Snow Tech
N/A
1
Muhammad Pirzada
12480474916866490369
145
Eco Designs (Private) Limited
17013467067027816449
5
Right Path Solutions
11370048952557633537
21
Rehman Munawar
06906645958470139905
1
ANDREW PAUL GUZMAN
09045338907926855681
17
Economical Deals
09045708721790910465
4
Qasim Ahmed
15768816743289454593
20
Summaira
14596269127925497857
3
Citrex Solutions (Private) Limited
16648988995463675905
19
Get Energy Promo
08074609881656590337
6
Brightboost LLC
07744256527850012673
5
AA DIGITAL LABS (SMC-PRIVATE) LIMITED
10871392529253662721
1
Malik Muhammad Shahroz Ibrahim
N/A
1
HongKong AdTiger Media Co., Limited
14567350391567024129
1
Mah Noor
07681945004880691201
12
Usama Ashfaq
06711852389684477953
2
Ali Raza
04534984293432164353
15
Muhammad Usman Tariq
17723433991509377025
5
SHABNUM FATIMA SHAH
02536959185141104641
4
QASMIC L.L.C-FZ
11321807192694194177
1
Phone numbers
888[-]960[-]3984
888[-]315[-]9188
888[-]715[-]1808
888[-]873[-]0295
888[-]317[-]0580
888[-]316[-]0466
888[-]983[-]0288
888[-]439[-]0639
888[-]312[-]2983
844[-]967[-]9649
855[-]200[-]3417
888[-]842[-]0793
888[-]207[-]3713
833[-]435[-]0029
888[-]494[-]4956
888[-]928[-]6404
888[-]374[-]1693
888[-]834[-]1050
888[-]497[-]3560
888[-]960[-]2303
888[-]430[-]0128
800[-]353[-]5613
888[-]407[-]1004
855[-]216[-]2411
844[-]679[-]7635
888[-]483[-]2851
888[-]657[-]2401
888[-]580[-]0106
888[-]326[-]7299
888[-]870[-]2661
888[-]203[-]1692
855[-]428[-]7345
888[-]641[-]0108
888[-]960[-]0688
888[-]347[-]7462
888[-]448[-]0550
888[-]834[-]0998
888[-]470[-]8496
888[-]554[-]0461
855[-]980[-]1080
888[-]539[-]0722
866[-]685[-]0355
888[-]715[-]1806
888[-]960[-]2550
888[-]641[-]0096
888[-]996[-]5133
Scammer domains
360billingservices[.]com
aadigital[.]online
citrexsolutions[.]co
digitelcare[.]com
eco-designs[.]store
economical-deals[.]co
electricenergybundle[.]com
electricenergyservice[.]com
electricpowerdeal[.]com
energpaybill[.]com
energybilling[.]net
energybillservice[.]online
energycredits[.]online
energyhelpcenter[.]com
energypayment[.]shop
energypoweroffer[.]com
globalenergysolutionz[.]com
homeutilityservices[.]com
makeabillpayment[.]com
paysenergy[.]online
powerelectricoffers[.]com
qasmic[.]com
rebornsolutions[.]co
telecombilling[.]us
telecomcredits[.]us
thepowerpayllc[.]org
uenergyproviders[.]store
utilitybillsolution[.]site
utilitybillspayments[.]org
utilitydiscounts[.]store
utilityservices[.]us
We don’t just report on phone security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.