Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
malwarebytesMalwarebytes blogMALWAREBYTES:105544102278981E44928FFF01530A08
HistoryJun 04, 2024 - 9:05 p.m.

US residents targeted by utility scammers on Google

2024-06-0421:05:33
Malwarebytes blog
www.malwarebytes.com
5
fraudulent ads
utility scams
identity theft
extortion
google ads
mobile targeting
us residents
scammer domains
consumer protection
ftc article
vigilance
utility company website

7.2 High

AI Score

Confidence

Low

JSON

Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them.

A few months later, we checked and were able to find as many Google ads as before, following very much the same pattern. In addition, we can see that miscreants are trying to legitimize their operations by creating fake U.S.-based entities.

Utility-based ads targeting mobile phones

It only took us 15 minutes to find about a dozen fraudulent ads on Google related to utility bills. This campaign is targeting mobile devices only, as far as we can tell, and U.S. residents. All the ads seen below belong to different advertisers based in Pakistan.

Some of those advertiser accounts have a fairly large footprint with several hundred ads.

Most often, the ad is not associated with a landing page (although a URL is displayed); instead clicking on the ad will bring up the phone number and prompt you to dial. Having said that, the domains used belong to the scammers and are often fairly new.

We also saw several ads that at first appear somewhat legitimate. They are registered to advertisers based in the US and their websites look almost authentic. But when you start checking the details, you realize some things don't add up, such as an address that leads to an apartment complex.

Consumer protection

The Federal Trade Commission (FTC) has an article about utility scams, however the technique mentioned there is about scammers calling victims, rather than the other way around. For good reason many people won't answer the phone when it shows an unknown number as it is likely yet another telemarketer. Certainly, there are victims that will answer the phone but the scam is much more effective when you are the one to initiate the call.

We have reported the fraudulent advertiser accounts to Google while we are also adding related domains to our blocklist. Remember to be extremely vigilant before calling anyone, especially if that number came from an advertisement. If in doubt, go directly to your utility company's website using a computer and then look for a form or phone number that you can verify before dialing.

Indicators of Compromise

Advertiser domains

thedealprovider[.]com  
metacobox[.]online  
billtechsolutions[.]online  
energybilling[.]solutions  
sharkcablesservices[.]com  
energyproviderss[.]com  
energybillingdept[.]com  
energybilling[.]today  
expertenergyservice[.]com

Phone numbers

888-615[-]9113  
800-347[-]7920  
800-350[-]1794  
888-326[-]7299  
888-825[-]9915  
888-614[-]3071  
888-849[-]1158  
800-347[-]7462  
800-642[-]6920

7.2 High

AI Score

Confidence

Low

JSON