14 DAY TRIAL // Customers of electric cooperative Coast Electric are currently targeted by scammers aiming to steal the credentials for the online services offered by the company.
Messages purporting to come from utilities companies, or parcel delivery services are not unusual as cybercriminals learned that users are more likely to click on links in an allegedly official communication from a legitimate organization providing public services than from any other business.
Scammers lure to phishing site with fake payment request
Coast Electric was alerted by the nefarious practice spreading to its members by a customer who received the fraudulent email and recognized it as such.
According to a message from the utility company, the fraudsters use the name “doxo in the sender’s field and rely on the email address “[email protected].”
Customers are advised that Coast Electric uses the domain “coastepa.com” and communication from an address with a different one is not from them.
The malicious email claims that a $1.99 / €1.80 payment needs to be made and points the recipient to a bogus website that impersonates coastepa.com.
“Although it IS possible for phishers to make it look like an email came from a particular company, many times there are clues in the address or body of the email, just as there were in the scam targeting our member today. For example, the address and links referenced “doxo” and not Coast Electric, and referenced a $1.99 payment we that we do not charge or collect,” the provider warned on Thursday.
Company website and payment services are not impacted
The recommendation is to avoid clicking on payment links in emails and just access the legitimate page of the organization by manually typing the correct address in the browser and access the account when the page loads.
The website of the company and payment processing are not affected in any way and customers can use it securely for billing purposes, Coast Electric says.
[UPDATE]: Coast Electric published an update for the phishing warning from "[email protected]" saying that the service is legitimate. It is a third-party payment company that may be selected by individuals for paying their bills.
"Coast Electric made a mistake in saying that emails from doxo were part of a phishing scam," the utility company says in the update.