A widespread malvertising campaign is attempting to trick users into paying phony utility bills, according to researchers at Malwarebytes.
“We discovered a prolific campaign of fraudulent ads shown to users via Google searches,” the researchers write.
“To give an idea of scale, the number of ads we found exceeds what we have found in previous malvertising cases....The scam begins when a user searches for keywords related to their energy bill. The ads are shown to mobile devices only, which makes sense given how often people use their phones. Also, the ads are geolocated, so that they are relevant to the user’s location.”
If a user clicks on the ad, their phone will prompt them to dial a number rather than taking them to the website. If a victim calls the number, they’ll be connected to a scammer.
“The utility scam often works by threatening and scaring victims into making poor decisions,” the researchers write. “An unpaid bill, or an offer that is too good to be true and must be accepted immediately are some of their tactics. Once you’ve made that phone call, you’re already in their hands and very close to losing a significant amount of money. The scammers may even redirect you to their website to ‘prove’ that they are legitimate. Those sites are often credible enough for a victim to feel like they are doing the right thing, but that couldn’t be further from the truth.”
Malwarebytes offers the following advice to help users avoid falling for these scams:
- “Watch out for a sense of urgency. Scammers will often threaten to cut your power immediately. This and similar scare tactics are meant to pressure you into making hasty decisions. Take the time to look things up or speak to a friend before you do anything."
- “Never disclose personal details over the phone without being absolutely certain you are talking to the right person. If in doubt, hang up the phone and look for the official phone number from your energy company, perhaps from a past bill. Do not trust any phone number that appears on an online ad."
- “Beware requests for money transfers or prepaid cards. These are a huge sign you are dealing with criminals. Again, take your time to think it over even if just for a few hours. Scammers tend to be so impatient they will make all sorts of claims to act right now, which should be a dead giveaway.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Malwarebytes has the story.