You search online to pay your water bill. A website pops up that looks official-familiar logo, professional layout, even the company name in the URL. You enter your payment information, and within hours, your bank account is drained.
This is exactly what's happening right now across the country, and the same attack is hitting customers in two very different places at the same time.
In Philadelphia, the Department of Revenue just warned water customers about a fake website, "myphillywaterbill.com," designed to scrape payment information. The bogus site used the title of the department's legitimate payment platform-MyPhillyWaterBill-while the official government page is www.phila.gov/waterbill.
Meanwhile, utility companies in North Alabama are seeing the same problem. "A customer may go looking for an online method to pay their bill, and what the internet spits back at them might not be legit," explained Joe Gehrdes of Huntsville Utilities.
Here's what makes this attack so dangerous: the criminals aren't just blasting out random emails. They're building websites that appear in your search results when you're actively trying to pay a legitimate bill. You're already in "payment mode," ready to enter your banking information. These fraudulent links lead unsuspecting victims to websites for third-party payment services that promise to pay bills for a small fee. While these services may actually pay utility bills, customer bank accounts are being emptied, or fraudulent charges appear on credit card statements afterwards.
Think about that for a moment. You pay your bill, the scammer actually forwards the payment to the utility company, and then they drain your account. You don't even realize you've been hit until your balance is zero.
So how do you protect yourself?
- Go directly to the source. Never search for your utility's payment portal. Type the official URL into your browser or use a bookmark you've saved. If you don't know the official address, call the number on your paper bill.
- Scrutinize the URL before entering anything. Scammers use addresses that look similar-extra letters, different domains, added words. If it's not exactly what you expect, close the browser.
- Be suspicious of third-party payment services. If a site promises to pay your bill for a "small fee," that's a red flag. Your utility company doesn't need an intermediary.
- Hang up and call back. If someone calls you, hang up and call your utility company's main number. You'll know you are talking to them and can verify your account status. Your utility will never ask for banking information over the phone.
- Report suspicious activity immediately. Anyone who believes they provided personal information to the fraudulent site should contact the FBI or the Internet Crime Complaint Center.
The convenience of online bill pay has become a weapon against us. Scammers know we're creatures of habit, and they're counting on us to trust what looks familiar.
#ALTACyber
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------