With the cost of energy skyrocketing, it’s no surprise that scammers are trying to take advantage. We’ve been looking into the Ofgem energy bill rebate scam, and how you can avoid losing money to this phishing email.
What is the Ofgem energy bill rebate scam?
This scam comes in the form of a phishing email (check out this tweet from Cumbria Trading Standards to see the email), although we have seen similar scams sent by text. At the top of the email is the Ofgem branding; specifically, their logo.
The email then goes on to inform recipients that the government has announced an energy rebate scheme, and that there is a packet of support available. This comes in the form of a £200 discount on their energy bill this autumn, as well as a £250 council tax rebate.
It specifies that these rebates do not need to be paid back to the government, and asks recipients to apply for the rebate via the Ofgem portal. The email ends with a button to take you to this portal.
How do we know this is a scam?
The cost of living crisis is leaving everyone feeling the pinch, and as is the case when something like this hits the news, we can expect that scammers are going to try and take advantage. We saw a similar kind of phishing email with the covid vaccine scam; victims were asked to apply to receive their vaccine. Scammers know when people are panicked, they’re less likely to think before they click - particularly when the email is offering something they want.
However there are a number of indicators that this phishing email is just that - a phisher on the lookout for card details. Firstly, the formatting of the email itself is very strange; although the Ofgem logo is at the top of the page, the rest of the email is devoid of banners and logos. Take a look at the sender's email and you’ll notice that it’s not from Ofgem, or even the government; the address is ‘rebate-Ofgem’. This should set your alarm bells ringing. If the email is from a legitimate sender you should expect to see their company name after the @ sign, not a hyphenated version.
Another thing to look out for in a phishing email is the grammar. Although this email is fairly well written, there is some odd use of capitalisation in the first line - every word in ‘You Are Eligible To Apply For Energy Bill Rebate’ is capitalised. The sentence also reads slightly strangely, as if there should be a missing ‘an’ between ‘For’ and ‘Energy’. Remember, a legitimate business or organisation will never send out an email that doesn’t represent their brand well. If there are spelling mistakes, a strange sentence structure or odd capitalisation, you could be looking at a phishing email.
Finally, let’s take a look at the rebates themselves. The scammers have listed two rebates that the recipient is eligible for; a £250 council tax rebate, and a £200 energy bill rebate. These are two rebates that are grounded in reality; the council tax rebate is something which the majority of households received in April, but this was for £150 and not £200. The energy bill rebate is a scheme outlined by the government in July, with households receiving £66 a month from October to March.
Neither of these rebates require eligible households to apply. The council tax rebate was issued by local councils, and the energy bill discount is being issued directly though direct debits and vouchers. The claims in this email can be disproved with just a quick web search.
Stop, think and send to junk
These scams are designed to encourage victims to act quickly and without thinking. If you receive an email like the one above, stop and think before you click any links. If things look a bit strange, it’s always worth searching for the information online first. Remember, never click a link in an unexpected email, when you don’t know the sender personally.
Worried about phishing emails in your business? Try U-Secure
Do your employees and colleagues know how to identify a phishing email? If you’re worried about one of these scams affecting your business, you can get your team educated with U-Secure.
U-Secure is an educational application that you can use to get your staff up to speed with cyber security. U-Secure sends ten minute courses to your employees, and records the results so you can see who needs some extra help to keep your organisation protected.
As a U-secure partner Transcendit can offer your business a 30-minute demo of the software, and answer any questions you might have on how this could work for your organisation.
Give us a call on 0191 482 0444 to try out U-Secure