Phishing (Email Scams)
Phishing is a scam where fraudulent emails are sent to people in an attempt to trick them into revealing personal or financial information. If someone was to reply or click on any of the links or attachments in these emails, they will be taken to a fake page which will try to deceive them into entering personal information such as a username, password, credit card or bank account information.
Phishing emails may circulate randomly from time to time pretending to come from Electric Ireland. They may contain realistic-looking logos, official-sounding text and familiar branding. They may also link to exact clones of official web pages. However, these emails are fraudulent and have nothing to do with Electric Ireland.
If you clicked on any link or attachment in these emails and provided personal or financial information we would advise you to contact us as well as your bank or debit/credit card company immediately using the phone number listed on your bank statement or on the back of your debit/credit card.
Note that your email address can often be found from publicly available sources, or randomly generated. Therefore if you receive a fake email that appears to be from Electric Ireland, this does not mean that your email address, name or any other information has been gathered from Electric Ireland systems.
How to identify a phishing email
- Don’t trust the display name: A common phishing tactic is to spoof the display name of an email, i.e. make it appear as if it came from an Electric Ireland. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from— if it looks suspicious, delete the email.
- Look but don’t click: Hover your mouse over any links embedded in the body of the email. If the link address looks unusual, don’t click on it. If you want to login to your account online, type in the website address directly into the address bar rather than clicking on the link from unsolicited emails.
- Don’t give up personal information: We will never ask for personal or financial information via email. If an email requests this information it is more than likely a phishing scam.
How to tell if a webpage is an official Electric Ireland page
All pages on our websites are encrypted using the following SSL certificates:
electricireland.ie: Digi-Sign CA Digi-SSL valid to 04/05/2019
electricireland.com: Digi-Sign CA Digi-SSL valid to 04/05/2019
youraccountonline.electricireland.ie: Digi-Sign CA Digi-SSL valid to 27/01/2019
youraccountonline.electricireland.com: Digi-Sign CA Digi-SSL valid to 09/06/2019
businessonline.electricireland.ie Digi-Sign CA Digi-SSL valid to 08/06/2019
electricirelandrewards.ie: GoDaddy Secure Certificate Authority G2 valid to 01/06/2018
electricireland.payzone.ie: Comodo RSA valid to 19/05/2019
You can verify that the page is secure by making sure the page address starts with https://, looking for a padlock icon in your browser as well as a range of other visible signs. Some common examples are shown below.
If you are on an official Electric Ireland page you will see a padlock in the address bar. Clicking on it will bring up details on your connection that will tell you whether the website is verified or not. The below examples verify that the current session is connected to electricireland.ie and that the identity of the website has been verified.
Examples of previous phishing scams
Below are a selection of phishing emails that have previously been in circulation, which will give you a better sense of what to look out for.
In these examples both buttons linked to non-official Electric Ireland websites. You can verify this by checking the address of any website you visit in the address bar of your browser. The official address for our online billing portal is https://youraccountonline.electricireland.ie.
In this example, the header contains suspicious and unrelated addresses such as ‘fsa-central-district.net’. The sender address is also a variation of the official Powering Rewards website – ‘powerinrewards.ie’ (Note the absence of a ‘g’ in the word powering). If the header contains suspicious and unrelated addresses similar to this, delete the message.
If you have any concerns or suspicions about an email please feel free to contact us and we will advise you on what to do.