How scammers used SEO to disguise themselves as an electric utility

Emma McGowan 28 Jul 2023

Just because that link comes from [your search engine here] doesn’t mean it’s a legitimate website.

Summer is at its height, and it’s a good time to go sit by the pool with a glass of iced tea, go out and see that hugely promoted film in a nice cool theater, or maybe relax at home in your favorite chair…in front of the air conditioner. 

And while you’re doing the latter, it might occur to you that you should keep an eye on your electricity bill. Like me, maybe you don’t remember the exact URL for your electric utility provider, so you type their name into the search bar and look for the right website. 

This is where an SEO phishing scam could catch you.  

SEO phishing, fake websites, and search engines 

We won’t get into the nitty gritty of search engine optimization (SEO), but to help better understand how this kind of phishing works, here’s the lightest of overviews. SEO is the shorthand for how website owners build their websites using phrases and keywords that attract the attention of search engines for certain subjects. The search engine will then suggest those sites when they’re a good match for your searched topics or keywords. 

The trouble is, most search engines don’t regularly go through each website to make sure they’re legitimate.  

As recently as late June, scammers created a fake website made to copy the look and feel of a legitimate utility company. By manipulating SEO along with other sophisticated techniques, their fake website was promoted near the top of the search results list—right next to the legitimate utility company website. 

Anyone who searched for the utility company would see the front-page result and potentially click on the wrong link. The fake website warned of an impending service interruption, directed visitors to call a customer service line for help, and promised discounts on their utility bills for paying over the phone.

The number, of course, connected callers directly to the cybercriminals themselves. Their representatives were standing by to take your credit card information. 

Best practices for defending against SEO phishing, deceptive links, and fake websites 

This kind of phishing, and in some variants spoofing, is part of the broad category of online scam where a bad actor wants you to click on a URL that leads you into their deception. Defending against fake links in emails and online search results requires a combination of vigilance, technological safeguards, and a healthy dose of skepticism. Here are some strategies that can help protect you.

Think twice: Under the header of Healthy Skepticism, it’s a good practice to always think twice about clicking on a link someone sends in an email or text message.  

Go directly to the site: If you get an email from your bank, a utility, or an online store, it doesn’t take too much time to open a browser window and go directly to the website in question. If the email is legitimate, you should see the same information on the business’s website.  

Check the URL first: If you’re on a laptop or a computer, it’s a great habit to look at the URL at the bottom-left of your browser when you hover your mouse over the link. Using this practice, whether in an email or online, you’ll always be able to tell if a link that says http://www.farming.com is or isn’t taking you to a website about farming. 

Heed warnings: Take note when your browser warns you about a link. Many web browsers have features that alert you when you are about to visit a potentially dangerous website. Make sure these features are enabled. Similarly, keep your operating system, web browser, and any security software up to date. These updates often contain patches for recently discovered security vulnerabilities. 

Invest in robust security software that includes anti-phishing capabilities. Tools like Avast can scan incoming emails for signs of phishing attempts, including fake links, and warn you before you click. 

Finally, continue to educate yourself. There are many online resources and courses available that can help you better understand how to spot and avoid online scams of all kinds. As cyber threats continue to evolve, staying informed is one of the best defenses. 
