Now that a second wave of cold caused by the polar vortex is set to hit the United States, no one wants to have problems with their energy company. Cybercriminals are aware of it, which is why they’ve started sending out malicious Pacific Gas and Electric (PG&E) emails.
The fake emails carry the subject line “Gas and Electric Usage Statement.” They inform recipients of an amount of money they still have to pay for utilities. Users are instructed to click on a link to access their accounts and view their statements.
However, the link doesn’t point to the PG&E website, but to a malicious page that’s set up to serve a variant of the Kuluoz malware, a Trojan that’s designed to download additional threats onto infected computers, Hoax Slayer reports.
PG&E is aware of the spam run. The company also warns customers of a telephone scam.
“It’s unacceptable that someone is trying to take advantage of our customers and others,” noted Helen Burt, the utility’s chief customer officer and a senior vice president.
“We take our customers’ security very seriously and under no circumstances would we email anyone to request that they provide personal information without first logging into My Energy or calling us.”
The matter has been reported to authorities. The energy company highlights that there has been no security breach, and that the information contained in the notifications sent out by scammers is bogus.
PG&E is not the only company whose name is leveraged in a malware campaign. Earlier this month, experts spotted fake Atmos Energy notifications designed to distribute malware.
In case you’re a victim of this attack, regularly scan your computer with an updated antivirus solution to make sure it’s not infected. To avoid falling victim to such cybercriminal schemes, refrain from clicking on links or attachments contained in unsolicited emails.