Phishing Awareness Notification
By Bill Heinzen, Cyber Services
(NOTE: Rock Energy is not aware of any of our members specifically being targeted by this phishing scam at this time.)
This is a courtesy notification to raise awareness about phishing campaigns directed toward end consumers in the utility and broadband industries. This includes phishing campaigns imitating SmartHub login pages as well as phishing campaigns imitating webmail logins for broadband webmail providers.
In one example, consumers at an NISC member cooperative received an email that contained a link to a page impersonating the SmartHub login page. We received permission to share a screenshot of the spoofed page for the awareness of other Members:
Note that this page displayed both the company logo (redacted) and the SmartHub logo to give the appearance of legitimacy. (The URL was not an NISC-hosted or Member-hosted resource.)
Upon providing credentials, the victim was prompted to enter a variety of sensitive information, including a credit card number as well as a social security number:
In another example, the North Dakota State and Local Intelligence Center published an advisory regarding a phishing campaign that spoofed webmail pages hosted by broadband providers for consumers. The likely purpose of this campaign was to harvest credentials for the webmail service, as well as any other services that the victim might have used the same credentials for. Here is an example of the spoofed landing page for the webmail service, which again took a logo from the legitimate broadband provider:
If you come across a phishing scam related to SmartHub, please let Rock Energy know by calling us at 866-752-4550. Thank you for your assistance.