Irish Water and Electric Ireland customers targeted in latest online scams

ESET Ireland warns of a new scamming campaign targeting Irish Water customers, as well as the re-appearance of an older scam which aims at Electric Ireland customers.

Wexford-based ESET Ireland’s cyber security experts are reporting a new surge of phishing emails, trying to scam Irish users for money. While scams abusing the names of known Irish banks are still doing the rounds, two latest scams are particularly prominent.

The first appears as an email purporting to come from Uisce Éireann/Irish Water, equipped with all the correct visuals and states:

IWfake0.jpg

“Irish Water is performing the annual account maintenance procedure. Please login to your account and complete the requested actions. Once logged in you will be guided to the rest of the process.”

IWreal
The real Irish Water login screen

The link takes the victim to a faked Irish Water website, hosted on an Israeli domain.

IWfake1
The fake Irish Water log in site, notice it looks exactly like the real one

There, after “logging in” a pop up appears, asking to “Please update your information and continue to your account,” which requires the debit or credit card information to be handed over.

IWfake2
The pop-up requesting the user’s Credit/Debit card info

The second one appears to be a similar re-run of an earlier scam, which targets Electric Ireland users. The email says “Your Electric Ireland REFUND NOTIFICATION is now available to view, please click here to log into online billing and view your refund status” and adds a call to action, by stating the refund will only happen a few days from now, so the potential victim would act impulsively:

EIfake0.jpg

“Your notification issue date is: 07 July 16, Your REFUND amount is: EUR 98.04, Refund period: 07 July – 09 July. This amount is now overdue please arrange payment details. An easy way to complete your refund is by Irish debit card.”

EIreal
The real Electric Ireland website

In this case, the link also leads to a faked Electric Ireland website, this one on a Romanian domain.

EIfake1
The fake Electric Ireland website

 

There after “logging in” a screen explains the “refund” and also asks for credit or debit card details.

EIfake2
The fake refund page, phishing for the user’s card info

In both cases, the victim isn’t just phished to hand their credit or debit card details to the cyber criminals, but also their login details to their Irish Water or Electric Ireland accounts, which could then be abused even further.

ESET Ireland recommends to Irish users not to click on any of the links in these fraudulent emails, but instead flag such emails as spam. Also pay close attention if the website’s address contains the https secure connection, to spot fraudulent websites. The real ones should look like this:

https0    https1

An Garda Síochána also recommends that cybercriminal activities like these, if spotted, should be reported at the local Garda station, so that law enforcement procedures against the scammers can be initiated.

by Urban Schrott, ESET Ireland


3 thoughts on “Irish Water and Electric Ireland customers targeted in latest online scams

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s