Fake E.ON refund emails are making rounds in the UK ahead of Christmas, Bitdefender Antispam Lab warns

In the aftermath of Russia’s invasion of Ukraine, Europe has been hit by an overwhelming energy crisis and surging costs that threaten the wellbeing of millions of individuals.

Unfortunately, increased price caps and soaring energy bills have also provided scammers with more leeway in their attempts to defraud unwary consumers.

Beginning Dec. 14, Bitdefender Antispam Lab spotted a new wave of phishing emails impersonating E.ON, one of Europe’s largest energy providers.

The fraudulent correspondence, directed at customers in the UK, claims that recipients are eligible for an £85 refund due to a billing error.

“Our system indicated that an error in our billing procedures has led to an overcharge on your latest payment to us,” the bogus notification email reads. “Our accounting department has concluded that you are eligible for a refund of £85 GBP.”

The subject line used in one of the analyzed samples cites the “Government energy scheme,” which suggests that threat actors are paying attention to local developments, including the announcement of the UK’s energy bills support scheme that promises automatic and non-repayable discounts to help households through the cold season.

The fact that fraudsters are leveraging the name of energy suppliers comes as no surprise. According to our analysis, the attackers are recycling a message that has been circulating since at least January of 2022. Action Fraud, the UK’s national reporting center for fraud and cybercrime, reported a similar campaign in May 2022.

Clicking the link embedded in the fake email directs users to a copycat website where they are prompted to enter their credentials. The phishing emails are designed to steal not only these credentials, but also any personal and financial information you may be asked to confirm to seek the “refund.”

To protect your accounts and financial wellbeing, always inspect unsolicited messages from your energy and gas suppliers, and never submit personal or financial information via email, instant messages or texts.

If you’re not sure whether the message is a scam, contact your service provider by heading to the official website using your browser. Don’t forget to report any suspicious activity or fraud to local authorities and bank.

Let us take care of your devices this holiday season with a comprehensive all-in-one security suite for a scam-free holiday season.

Sit back and enjoy quality time with your friends while we protect the digital you, your money and privacy with plenty of handy features:

• Real-time protection against cyberthreats (trojans, worms, viruses, zero-day, ransomware, spyware, rootkits, exploits) on Windows, Android, iOS and macOS
• Cross-platform Password Manager and Premium VPN with unlimited traffic for your privacy
• Anti-phishing module that detects and blocks sites disguised as legitimate to steal your credentials or assets
• Anti-fraud filtering system that notifies you of potential website scams
• Dedicated browser – Bitdefender Safepay (for Windows only) – to keep your online shopping and banking transactions private
• Chat Protection for instant messaging apps on Android-enabled devices
• Identity theft protection, depending on your location and chosen plan