Bitdefender Warns of Fake Energy Scams Using SMS Messages and Elon Musk's Likeness

Bitdefender has identified a malicious SMS campaign targeting the United States, taking advantage of the recent surge in visibility of Elon Musk, to sell a worthless device that will supposedly help people save money on electricity bills.  

Everybody wants to save some money, right? This is exactly what fraudsters count on when they contact people via SMS, trying to convince them to buy a device seemingly invented by Elon Musk.  

 SMS messages are often sent as part of malicious campaigns, with texts promising winnings or even threats and ultimatums. Generally, the messages'  primary goal is to persuade potential victims to click on a link.  

The link often sends users to a phishing website that collects their personal and financial information. It's also possible that following a link from an SMS message will eventually lead to the download of malware, and a compromised device. 

How the Scam Starts

We have identified several SMS campaigns that started in January. Some have ended, and at least one is still active. Bitdefender discovered that thousands of SMS messages have been sent and many of the domains used in the attack are still up. It's likely they will be used in new campaigns.  

How the Scam Works: 

The target receives an SMS, usually starting with his or her real name. The name is not hard to get because fraudsters use information from previous data breaches to pair names and phone numbers.   

When you get an SMS that starts with "Hey John" it’s more likely people will believe it. Here are a few examples:  

Customer: Cynthia your neighbors are saving 79% annually on their electric bill w/this E-Saver. Click here to save hundreds https://gimelove[.]com/mon  

Energy: Gary, your neighbors are paying 79% less for power. Why aren't you? Stop overpaying-click here to start saving https://gimelove[.]com/eln 

Some messages even go so far as to include the full name of the person receiving it.  

The Promise of Lower Energy Prices

Besides traditional phishing and malware, there's a third option.  Victims can be directed to a website that looks like a media article about Elon Musk promoting a small device he supposedly invented.  

The text is well written and looks convincing, with quotes, testimonials, technical jargon, and word salads that give the impression of legitimacy.  

Here's an example: 

"The big power companies are scamming you. Yes, that's right. Believe it or not, they have been using a secret to cheat you every time you run your lights, dishwasher, blender, vacuum and anything else that draws power. This is why your power bill is so expensive every month and keeps rising with some US residents paying as much as $500 a month in electric bills. Every American can slash their electricity bill by 90% using this revolutionary technology. You're welcome, America," said the fake Elon Musk. 

In fact, the same promise of a 90 percent reduction in electric bills is illustrated in the same article with some fake scans of "real" invoices.

The article's sole purpose is to convince the reader that the device is real and to click on the embedded links.  

This is what the users see when they access the link. It's another website - this time one that sells the actual device. 

These devices are fake. The promotion shows a green light indicating it's "working." There are a few options to buy a device for $44, but they promise the most popular version is a three-pack for the low price of $105.  

To be clear, you can’t lower the price of the electricity bill just by plugging yet another device into the outlet.

The same kind of devices, some of which are extremely similar, can be bought from Chinese marketplaces for tiny sums, which is likely what scammers are doing. In the end, people will pay 40 bucks for a device that costs the fraudsters just a few dollars.

Here's a very similar product: 

Conclusion 

If you receive a message promising savings on your electricity bill, be suspicious. It's most likely a scam trying to trick people into spending money on useless devices. The fact that an SMS displays the receiver's actual name should make no difference.  

Scammers often use major events and popular figures to further their campaigns. In this case, the image of Elon Musk is used to drive this campaign and to convince potential victims that the device they sell is a real invention. 

How to spot it 

• Text mentioning paying, saving or overpaying. 
• Phishing links associated with domains such as esavrr[.]com, gimelove[.]com, eaelon[.]com. 
• Text messages sent from the United States (all the numbers sending these messages are from the US)  

Tips to avoid energy savings scams 

• Do not click on links in unsolicited messages claiming energy savings. 
• Verify any claims of energy discounts directly with your energy provider. 
• Report suspicious messages to your phone carrier and local authorities.