
đ âPower Parasitesâ Phishing Attacks Targeting Energy Companies and Major Brands
Since 2024, sophisticated phishing attacks known as âPower Parasitesâ have been targeting leading global energy companies and well-known brands. A recently published comprehensive threat analysis report detailed these activities.
This campaign primarily exploits the names and brands of major companies such as Siemens Energy, Schneider Electric, EDF Energy, Repsol S.A., and Suncor Energy to carry out fraudulent schemes. Perpetrators deceive individuals through fake investment platforms and fraudulent job offers, aiming to steal personal and financial information.
According to research, attackers have created over 150 active domains that mimic official company websites to mislead victims. The primary targets are users in Asian countries, including Bangladesh, Nepal, and India.
Victims are approached with localized content in languages such as English, Portuguese, Spanish, Indonesian, Arabic, and Bengali. They are also directed to fake websites via social media platforms and Telegram channels.
Researchers from Silent Push highlight that the attackers employ a âspray and prayâ tactic, abusing multiple brand names simultaneously to reach as many victims as possible.
Domains often include abbreviations like âSEâ (for Siemens Energy) or âAMDâ (for Advanced Micro Devices), such as sehub.top or amd-biz.mom.
The âPower Parasitesâ campaign targets victims through two main methods:
- Investment Scams: Victims are lured with fake investment platforms linked to reputable companies, promising high returns.
- Job Recruitment Scams: Victims are offered jobs at major companies, with requests for personal information, bank account details, passport copies, and financial documents.
Fake websites are often equipped with an âInvite codeâ field, creating the illusion that victims are part of an exclusive group.
Attackers even distribute fake promotional videos via YouTube. For instance, one video in Bengali promised âfree money-making opportunitiesâ through new websites.
Technical analysis of the phishing pages revealed that they use similar templates and code, enabling attackers to quickly create new domains when one is taken down.
In Telegram channels, malicious links were shared using names containing terms like âsiemensenergy.â Many of these channels have already been blocked or removed.
Siemens Energy issued an official warning, stating that they do not operate any investment platforms and do not require payments during the hiring process.
Similarly, Repsol Energy published a warning on its âFraud Alertâ page about scams involving artificial intelligence used to impersonate company executives.
How to Protect Yourself from Phishing Attacks Like âPower Parasitesâ?
- Use Official Sources:
If youâre seeking employment or investment opportunities, verify information directly on the companyâs official website. Never share personal information via links from unknown domains. - Carefully Check Emails and Links:
Scrutinize the senderâs email address and domain name. If the domain looks suspicious or the company name is misspelled, itâs a clear sign of phishing. - Reject Job Offers Requiring Payment:
No reputable company will ask for payment to secure a job. An âemployerâ requesting money is likely a scammer. - Verify Investment Platforms:
Be cautious if someone promises quick, high profits. Always independently verify the legitimacy and licensing of such platforms. - Avoid Entering Passwords or Personal Information on Suspicious Sites:
Be especially wary of pages requesting âinvite codesâ or secret codes, as these are often scams. - Scrutinize Social Media Ads:
Donât hastily accept offers or ads on platforms like Facebook, Telegram, or YouTube. Always conduct additional verification. - Keep Antivirus and Security Software Updated:
Having up-to-date, reliable antivirus software on your device increases your protection against phishing attacks. - Contact Companies Directly About Suspicious Sites:
If you encounter a suspicious website related to Siemens Energy, Schneider Electric, or other companies, report it through their official contact channels. - Follow a Simple Rule: âIf an Offer Seems Too Good to Be True, It Probably Is!â
Scammers often exploit peopleâs desires for quick and easy wealth. - Stay Informed About Cybersecurity News:
Keeping up with the latest phishing campaigns and threats helps protect you and those around you.