ESB text message scam.

My good friend Philipa Jane Farley shared a text message with me, which she received this morning. Her phone had classed it as Spam, but not all smartphones are created equal, so this ESB text message scam might get through.

The ESB text message

The message appears to have come from “ESB” and it cannot be replied to, which gives it a certain degree of legitimacy. If you have taken my training you will know that you simply cannot trust what number is calling you or texting you, as spoofing is so common.

The message says:

You are eligible for a discounted electricity bill under the Energy support scheme.

You can apply here: https[:]//register-electric-refund[.]com

I have “defanged” that link so you cannot go to the site accidentally.

If you go ahead and click the link, you will be taken to the following web site:

The “Government” information page

That looks remarkably like the ACTUAL Irish Government Website which is here:

https://www.gov.ie/en/publication/4ae14-electricity-costs-emergency-benefit-scheme/

That is, all except for the “Verify now” button at the bottom. The criminals have effectively cloned the majority of the government’s page on this scheme. None of the links work on the page that I tested … EXCEPT for that “Verify Now” button. 🤔

The “Registration” pages

Well, if you click that, the “government” now seems to want you to register for the scheme (which is automatically dealt with by the power supply companies), so you are first asked for some personal details:

When you hit “Continue, you will then be asked to provide some billing details.

Billing details?!??!!? I thought they were giving us money, not billing us?

Well, they are probably hoping that you are used to divulging your payment card details onto website.

They do validation on the card number and the page crashed on me as I was attempting to enter a potentially valid number, so I wasn’t able to find out what happened next, but presumably they will start buying stuff on your account!

So there it is … an ESB text message scam, that could just as easily be for any of the other providers, but it’s likely only going to be the ESB as they have the most customers in the country.

Let’s be careful out there.


How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person.

Contact us for more information at info@L2CyberSecurity.com.