{"id":23958,"date":"2024-02-15T09:10:08","date_gmt":"2024-02-15T17:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/02\/15\/news-17688\/"},"modified":"2024-02-15T09:10:08","modified_gmt":"2024-02-15T17:10:08","slug":"news-17688","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/02\/15\/news-17688\/","title":{"rendered":"Massive utility scam campaign spreads via online ads"},"content":{"rendered":"\n

For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away.<\/p>\n

Enter the utility scam<\/a>, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they can.<\/p>\n

This scam has been going on for years and usually starts with an unexpected phone call and, in some cases, a visit to your door. Obviously the phone call side of the scam is much more scalable and means the scam can be done from overseas.<\/p>\n

However, criminals know that victims are more likely to be tricked if they were the ones who initiated the call. In a recent investigation, we discovered a prolific campaign of fraudulent ads shown to users via Google searches. To give an idea of scale, the number of ads we found exceeds what we have found in previous malvertising cases.<\/p>\n

This blog post has two purposes: the first one is to draw awareness to this problem by showing how it works. Secondly, we’ve collected and shared as many ads and fake sites as we could in the hope that action will be taken, with hopefully some cost for the scammers.<\/p>\n

Fraudulent utility scam ads<\/h2>\n

The scam begins when a user searches for keywords related to their energy bill. The ads are shown to mobile devices only, which makes sense given how often people use their phones. Also, the ads are geolocated, so that they are relevant to the user’s location.<\/p>\n

\"\"<\/figure>\n

We found 28 advertisers with over 300 ads, most of them registered by individuals from Pakistan. We have also seen legitimate but hacked advertiser accounts belonging to US entities that were abused. We didn’t investigate further into the whereabouts and identities of the scammers, but we should note that Pakistan is a possible location.<\/p>\n

In most cases, tapping on the ad will not open a new website, but instead will prompt you to dial a phone number. This is exactly what the crooks want as many people will have no idea that an ad approved by Google could possibly be fraudulent.<\/p>\n

\"\"<\/figure>\n

The utility scam often works by threatening and scaring victims into making poor decisions. An unpaid bill, or an offer that is too good to be true and must be accepted immediately are some of their tactics. Once you’ve made that phone call, you’re already in their hands and very close to losing a significant amount of money.<\/p>\n

The scammers may even redirect you to their website to “prove” that they are legitimate. Those sites are often credible enough for a victim to feel like they are doing the right thing, but that couldn’t be further from the truth.<\/p>\n

Large scamming infrastructure<\/h2>\n

The crooks have registered dozens of different domains names and built templates that appear related to energy or utility savings. The sites are quite simple and consist of one main page with some customer-centric text and one or multiple phone numbers.<\/p>\n

We can usually deduce they are fraudulent by looking up their registration date as well as connecting them with search ads.<\/p>\n

\"\"<\/figure>\n

However, that might not be enough to have them suspended without going through the whole process of calling the scammers, recording the interaction and showing that evidence. This type of investigation requires time and resources to be done properly. Perhaps one of the many scambaiters out there will look into it in the future.<\/p>\n

In the meantime, we have tracked and reported as many domains as we could to the relevant registrars in the hope that some may take action and suspend them.<\/p>\n

\"\"<\/figure>\n

Keep your identity and money safe from scammers<\/h2>\n

This scam is widespread, and so our advice right now is to avoid clicking on any ad from search as the malicious ads largely outnumber the legitimate ones. You can tell it’s an ad as it will be labelled “Sponsored” or “Ad”. <\/p>\n

Here are some additional tips:<\/p>\n