www.malwarebytes.com
Open in
urlscan Pro
192.0.66.233
Public Scan
URL:
https://www.malwarebytes.com/blog/threat-intelligence/2024/02/massive-utility-scam-campaign-spreads-via-online-ads
Submission: On February 16 via api from TR — Scanned from DE
Submission: On February 16 via api from TR — Scanned from DE
Form analysis 4 forms found in the DOM
GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/blog/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/blog/">
<div class="labs-sub-nav__searchbar-wrap">
<input class="labs-sub-nav__search-input" type="text" name="s" placeholder="Search Labs">
<button class="labs-sub-nav__search-button" id="cta-labs-rightrail-search-submit-en" aria-label="Search in Malwarebytes">
<svg xmlns="http://www.w3.org/2000/svg" width="35px" height="35px" viewBox="0 0 24 24" fill="none">
<g clip-path="url(#clip0_15_152)">
<rect width="24" height="24" fill="none"></rect>
<circle cx="10.5" cy="10.5" r="6.5" stroke="#0d3ecc" stroke-linejoin="round"></circle>
<path d="M19.6464 20.3536C19.8417 20.5488 20.1583 20.5488 20.3536 20.3536C20.5488 20.1583 20.5488 19.8417 20.3536 19.6464L19.6464 20.3536ZM20.3536 19.6464L15.3536 14.6464L14.6464 15.3536L19.6464 20.3536L20.3536 19.6464Z" fill="#0d3ecc">
</path>
</g>
<defs>
<clipPath id="clip0_15_152">
<rect width="24" height="24" fill="#0d3ecc"></rect>
</clipPath>
</defs>
</svg>
</button>
</div>
</form>https://www.malwarebytes.com/newsletter/
<form action="https://www.malwarebytes.com/newsletter/" class="newsletter-form">
<div class="newsletter-form__inline">
<label>Email Address</label>
<input type="email" name="email" id="cta-footer-newsletter-input-email-en" placeholder="Email Address" required="" class="newsletter-form__email">
<input type="hidden" class="newsletter-form__pageurl" value="https://www.malwarebytes.com/blog/threat-intelligence/2024/02/massive-utility-scam-campaign-spreads-via-online-ads">
<input name="source" type="hidden" value="">
<input type="submit" value="Sign Up" class="newsletter-form__btn" id="cta-footer-newsletter-subscribe-email-en">
</div>
<div class="newsletter-form__validate hidden">
<span></span>
</div>
</form>Text Content
Skip to content
Search
Search Malwarebytes.com
Search for:
* Contact Us
* Personal Support
* Business Support
* Talk to Sales
* Contact Press
* Partner Programs
* Submit Vulnerability
* Company
* About Malwarebytes
* Careers
* News & Press
* Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
* Personal
< Personal
Products
* Malwarebytes Premium >
* Malwarebytes Privacy VPN >
* Malwarebytes Identity Theft Protection >
* Malwarebytes Browser Guard >
* Malwarebytes for Teams/small offices >
* AdwCleaner for Windows >
--------------------------------------------------------------------------------
Find the right product
See our plans
Infected already?
Clean your device now
Solutions
* Free antivirus >
* Free virus scan & removal >
* Windows antivirus >
* Mac antivirus >
* Android antivirus >
* iOS security >
* Chromebook antivirus >
See personal pricing
Manage your subscription
Visit our support page
* Business
< Business
BUNDLES
* Core
* Prevent and remediate threats and identify vulnerabilities
* Advanced
* Utilize threat guidance and patch management plus everything in Core
* Elite
* Deploy Managed Detection and Response plus everything in Advanced
* Ultimate
* Protect against categories of malicious websites plus everything in Elite
TECHNOLOGY HIGHLIGHTS
* Managed Detection & Response (MDR)
* Deploy fully-managed threat monitoring, investigation, and remediation
* Endpoint Detection & Response (EDR)
* Prevent more attacks with security that catches what others miss
* Security Advisor
* Visualize and optimize your security posture in just minutes
* For Education
* Secure your students and institution against cyberattacks
Learn more about Security Advisor (available in every bundle) and see the
full list of our products and services.
Full technology list >
* Pricing
< Pricing
Personal pricing
Protect your personal devices and data
Small office/home office pricing
Protect your team’s devices and data
Business pricing
Explore our award-winning endpoint security products, from EP to EDR to MDR
* Partners
< Partners
Explore Partnerships
Partner Solutions
* Resellers
* Managed Service Providers
* Computer Repair
* Technology Partners
* Affiliate Partners
Contact Us
* Resources
< Resources
Learn About Cybersecurity
* Antivirus
* Malware
* Ransomware
Malwarebytes Labs – Blog
* Glossary
* Threat Center
Business Resources
* Reviews
* Analyst Reports
* Case Studies
Press & News
Reports
The State of Malware 2023 Report
Read report
* Support
< Support
Technical Support
* Personal Support
* Business Support
* Premium Services
* Forums
* Vulnerability Disclosure
* Report a False Positive
Featured Content
* Activate Malwarebytes Privacy on Windows device.
See Content
Product Videos
Free Download
* Contact Us
* < Contact Us
* Personal Support
* Business Support
* Talk to Sales
* Contact Press
* Partner Programs
* Submit Vulnerability
* Company
* < Company
* About Malwarebytes
* Careers
* News & Press
* Sign In
* < Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
Search Search
Search Malwarebytes.com
Search for:
SUBSCRIBE rss
Scams | Threat Intelligence
MASSIVE UTILITY SCAM CAMPAIGN SPREADS VIA ONLINE ADS
Posted: February 15, 2024 by Malwarebytes Labs
For many households, energy costs represent a significant part of their overall
budget. And when customers want to discuss their bills or look for ways to save
money, scammers are just a phone call away.
Enter the utility scam, where crooks pretend to be your utility company so they
can threaten and extort as much money from you as they can.
This scam has been going on for years and usually starts with an unexpected
phone call and, in some cases, a visit to your door. Obviously the phone call
side of the scam is much more scalable and means the scam can be done from
overseas.
However, criminals know that victims are more likely to be tricked if they were
the ones who initiated the call. In a recent investigation, we discovered a
prolific campaign of fraudulent ads shown to users via Google searches. To give
an idea of scale, the number of ads we found exceeds what we have found in
previous malvertising cases.
This blog post has two purposes: the first one is to draw awareness to this
problem by showing how it works. Secondly, we’ve collected and shared as many
ads and fake sites as we could in the hope that action will be taken, with
hopefully some cost for the scammers.
FRAUDULENT UTILITY SCAM ADS
The scam begins when a user searches for keywords related to their energy bill.
The ads are shown to mobile devices only, which makes sense given how often
people use their phones. Also, the ads are geolocated, so that they are relevant
to the user’s location.
We found 28 advertisers with over 300 ads, most of them registered by
individuals from Pakistan. We have also seen legitimate but hacked advertiser
accounts belonging to US entities that were abused. We didn’t investigate
further into the whereabouts and identities of the scammers, but we should note
that Pakistan is a possible location.
In most cases, tapping on the ad will not open a new website, but instead will
prompt you to dial a phone number. This is exactly what the crooks want as many
people will have no idea that an ad approved by Google could possibly be
fraudulent.
The utility scam often works by threatening and scaring victims into making poor
decisions. An unpaid bill, or an offer that is too good to be true and must be
accepted immediately are some of their tactics. Once you’ve made that phone
call, you’re already in their hands and very close to losing a significant
amount of money.
The scammers may even redirect you to their website to “prove” that they are
legitimate. Those sites are often credible enough for a victim to feel like they
are doing the right thing, but that couldn’t be further from the truth.
LARGE SCAMMING INFRASTRUCTURE
The crooks have registered dozens of different domains names and built templates
that appear related to energy or utility savings. The sites are quite simple and
consist of one main page with some customer-centric text and one or multiple
phone numbers.
We can usually deduce they are fraudulent by looking up their registration date
as well as connecting them with search ads.
However, that might not be enough to have them suspended without going through
the whole process of calling the scammers, recording the interaction and showing
that evidence. This type of investigation requires time and resources to be done
properly. Perhaps one of the many scambaiters out there will look into it in the
future.
In the meantime, we have tracked and reported as many domains as we could to the
relevant registrars in the hope that some may take action and suspend them.
KEEP YOUR IDENTITY AND MONEY SAFE FROM SCAMMERS
This scam is widespread, and so our advice right now is to avoid clicking on any
ad from search as the malicious ads largely outnumber the legitimate ones. You
can tell it’s an ad as it will be labelled “Sponsored” or “Ad”.
Here are some additional tips:
* Watch out for a sense of urgency. Scammers will often threaten to cut your
power immediately. This and similar scare tactics are meant to pressure you
into making hasty decisions. Take the time to look things up or speak to a
friend before you do anything.
* Never disclose personal details over the phone without being absolutely
certain you are talking to the right person. If in doubt, hang up the phone
and look for the official phone number from your energy company, perhaps from
a past bill. Do not trust any phone number that appears on an online ad.
* Beware requests for money transfers or prepaid cards. These are a huge sign
you are dealing with criminals. Again, take your time to think it over even
if just for a few hours. Scammers tend to be so impatient they will make all
sorts of claims to act right now, which should be a dead giveaway.
* Contact your bank immediately if you think you’ve been scammed and wired
money,. Change all your passwords and add a notice with your utility company
that someone may attempt to impersonate you.
* Report the scam to the proper authorities, which may be the FTC.
MALWAREBYTES PROTECTION
Malwarebytes is working with its partners to go after these scammers. We also
provide protection if you are using our iOS app via the ad blocking feature
which will disable search ads and other ads that may be targeting you.
INDICATORS OF COMPROMISE
Google advertiser accounts
Advertiser nameAdvertiser IDNumber of
adsTelesoftN/A1Digitron041702446411798282254Syed muhammad
Adnan0815763771552169984115Progressix021497584344786534412Umair
Jameel118993695182096957451Laiba Mazhar142483375724880199691Syed Shahmeer
Hussain122652724194044805136Snow TechN/A1Muhammad
Pirzada12480474916866490369145Eco Designs (Private)
Limited170134670670278164495Right Path Solutions1137004895255763353721Rehman
Munawar069066459584701399051ANDREW PAUL GUZMAN0904533890792685568117Economical
Deals090457087217909104654Qasim
Ahmed1576881674328945459320Summaira145962691279254978573Citrex Solutions
(Private) Limited1664898899546367590519Get Energy
Promo080746098816565903376Brightboost LLC077442565278500126735AA DIGITAL LABS
(SMC-PRIVATE) LIMITED108713925292536627211Malik Muhammad Shahroz
IbrahimN/A1HongKong AdTiger Media Co., Limited145673503915670241291Mah
Noor0768194500488069120112Usama Ashfaq067118523896844779532Ali
Raza0453498429343216435315Muhammad Usman Tariq177234339915093770255SHABNUM
FATIMA SHAH025369591851411046414QASMIC L.L.C-FZ113218071926941941771
Phone numbers
888[-]960[-]3984
888[-]315[-]9188
888[-]715[-]1808
888[-]873[-]0295
888[-]317[-]0580
888[-]316[-]0466
888[-]983[-]0288
888[-]439[-]0639
888[-]312[-]2983
844[-]967[-]9649
855[-]200[-]3417
888[-]842[-]0793
888[-]207[-]3713
833[-]435[-]0029
888[-]494[-]4956
888[-]928[-]6404
888[-]374[-]1693
888[-]834[-]1050
888[-]497[-]3560
888[-]960[-]2303
888[-]430[-]0128
800[-]353[-]5613
888[-]407[-]1004
855[-]216[-]2411
844[-]679[-]7635
888[-]483[-]2851
888[-]657[-]2401
888[-]580[-]0106
888[-]326[-]7299
888[-]870[-]2661
888[-]203[-]1692
888[-]203[-]1692
855[-]428[-]7345
888[-]641[-]0108
888[-]960[-]0688
888[-]347[-]7462
888[-]448[-]0550
888[-]834[-]0998
888[-]470[-]8496
888[-]554[-]0461
855[-]980[-]1080
888[-]539[-]0722
866[-]685[-]0355
888[-]715[-]1806
888[-]960[-]2550
888[-]641[-]0096
888[-]996[-]5133
888[-]364[-]6914
Scammer domains
360billingservices[.]com
aadigital[.]online
citrexsolutions[.]co
digitelcare[.]com
eco-designs[.]store
economical-deals[.]co
electricenergybundle[.]com
electricenergyservice[.]com
electricpowerdeal[.]com
energpaybill[.]com
energybilling[.]net
energybillservice[.]online
energycredits[.]online
energyhelpcenter[.]com
energypayment[.]shop
energypoweroffer[.]com
globalenergysolutionz[.]com
homeutilityservices[.]com
makeabillpayment[.]com
paysenergy[.]online
powerelectricoffers[.]com
qasmic[.]com
rebornsolutions[.]co
telecombilling[.]us
telecomcredits[.]us
thepowerpayllc[.]org
uenergyproviders[.]store
utilitybillsolution[.]site
utilitybillspayments[.]org
utilitydiscounts[.]store
utilityservices[.]us
utilitiesbillingservices[.]com
--------------------------------------------------------------------------------
We don’t just report on phone security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your
mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android
today.
SHARE THIS ARTICLE
RELATED ARTICLES
News | Privacy
FACEBOOK MARKETPLACE USERS’ STOLEN DATA OFFERED FOR SALE
February 15, 2024 - Personal data belonging to 200,000 Facebook Marketplace
users has been published online, including email addresses and phone numbers.
CONTINUE READING 0 Comments
Cybercrime | Ransomware | Threats
HOW RANSOMWARE CHANGED IN 2023
February 14, 2024 - In 2023, the CL0P ransomware gang broke the scalability
barrier and shook the security world with a series of short, automated
campaigns.
CONTINUE READING 0 Comments
News | Personal
MALWAREBYTES CRUSHES MALWARE ALL THE TIME
February 14, 2024 - The PC Security Channel tested Malwarebytes against 2015
files. Here's how we did.
CONTINUE READING 0 Comments
Exploits and vulnerabilities | News
UPDATE NOW! MICROSOFT FIXES TWO ZERO-DAYS ON FEBRUARY PATCH TUESDAY
February 14, 2024 - Microsoft has issued patches for 73 security vulnerabilities
in its February 2024 Patch Tuesday.
CONTINUE READING 0 Comments
Android | News | Personal
THETRUTHSPY STALKERWARE, STILL INSECURE, STILL LEAKING DATA
February 13, 2024 - Stalkerware app TheTruthSpy has been hacked for the fourth
time, once again leaking the sensitive data it captures.
CONTINUE READING 0 Comments
ABOUT THE AUTHOR
Malwarebytes Labs
Contributors
Threat Center
Podcast
Glossary
Scams
Cyberprotection for every one.
FOR PERSONAL
* Windows Antivirus
* Mac Antivirus
* Android Antivirus
* Free Antivirus
* VPN App (All Devices)
* Malwarebytes for iOS
* SEE ALL
COMPANY
* About Us
* Contact Us
* Careers
* News and Press
* Blog
* Scholarship
* Forums
FOR BUSINESS
* Small Businesses
* Mid-size business
* Larger Enterprise
* Endpoint Protection
* Endpoint Detection & Response
* Managed Detection and Response (MDR)
FOR PARTNERS
* Managed Service Provider (MSP) Program
* Resellers
MY ACCOUNT
Sign In
SOLUTIONS
* Rootkit Scanner
* Trojan Scanner
* Virus Scanner
* Spyware Scanner
* Password Generator
* Anti Ransomware Protection
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
3979 Freedom Circle
12th Floor
Santa Clara, CA 95054
LEARN
* Malware
* Hacking
* Phishing
* Ransomware
* Computer Virus
* Antivirus
* What is VPN?
* Twitter
* Facebook
* LinkedIn
* Youtube
* Instagram
CYBERSECURITY INFO YOU CAN’T LIVE WITHOUT
Want to stay informed on the latest news in cybersecurity? Sign up for our
newsletter and learn how to protect your computer from threats.
Email Address
English
* Legal
* Privacy
* Accessibility
* Vulnerability Disclosure
* Terms of Service
© 2024 All Rights Reserved
Select your language
* English
* Deutsch
* Español
* Français
* Italiano
* Português (Portugal)
* Português (Brasil)
* Nederlands
* Polski
* Pусский
* 日本語
* Svenska
This site uses cookies in order to enhance site navigation, analyze site usage
and marketing efforts. Please see our privacy policy for more information.
Privacy Policy
Cookies Settings Decline All Accept All Cookies
PRIVACY PREFERENCE CENTER
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
Privacy Policy
Allow All
MANAGE CONSENT PREFERENCES
STRICTLY NECESSARY
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
Cookies Details
PERFORMANCE AND FUNCTIONALITY
Performance and Functionality
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
Cookies Details
ANALYTICS
Analytics
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
Cookies Details
ADVERTISING
Advertising
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Cookies Details
Back Button
COOKIE LIST
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Decline All Confirm My Choices