Phishing (Email & Phone Scams)
Phishing is a scam where fraudulent emails are sent or calls made to people in an attempt to trick them into revealing personal or financial information. If someone was to reply or click on any of the links or attachments in these emails, they will be taken to a fake page which will try to deceive them into entering personal information such as a username, password, credit card or bank account information. Similarly a phone caller may try to trick a customer into giving their bank details in return for a special offer.
Phishing emails or calls may circulate randomly from time to time pretending to come from Electric Ireland. They may contain realistic-looking logos, official-sounding text and familiar branding. They may also link to exact clones of official web pages. However, these emails & calls are fraudulent and have nothing to do with Electric Ireland.
If you clicked on any link or attachment in these emails and provided personal or financial information we would advise you to contact us as well as your bank or debit/credit card company immediately using the phone number listed on your bank statement or on the back of your debit/credit card.
Note that your email address can often be found from publicly available sources, or randomly generated. Therefore if you receive a fake email that appears to be from Electric Ireland, this does not mean that your email address, name or any other information has been gathered from Electric Ireland systems.
How to identify a phishing email
- Don’t trust the display name: A common phishing tactic is to spoof the display name of an email, i.e. make it appear as if it came from an Electric Ireland. This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from— if it looks suspicious, delete the email.
- Look but don’t click: Hover your mouse over any links embedded in the body of the email. If the link address looks unusual, don’t click on it. If you want to login to your account online, type in the website address directly into your browser address bar rather than clicking on the link from unsolicited emails.
- Don’t give up personal information: We will never ask for personal or financial information via email. If an email requests this information it is more than likely a phishing scam.
If you have any concerns or suspicions about an email please feel free to contact us and we will advise you on what to do.
How to tell if a website is an official Electric Ireland page?
All pages on our websites are encrypted using the following SSL certificates:
electricireland.ie: Digi-Sign CA Digi-SSL valid to 24/03/2022
electricireland.com: Digi-Sign CA Digi-SSL valid to 24/03/2022
shop.electricireland.ie: Digi-Sign CA Digi-SSL valid to 22/07/2022
youraccountonline.electricireland.ie: Go Daddy Secure Certificate Authority - G2 valid to 05/02/2023
youraccountonline.electricireland.com: Digi-Sign CA Digi-SSL valid to 25/05/2022
businessonline.electricireland.ie Digi-Sign CA Digi-SSL valid to 21/10/2022
signin.electricireland.ie DigiCert TLS RSA SHA2 2020 CA1 valid to 05/02/2023
electricirelandrewards.ie: ESBSSLinspection.esb.ie valid to 18/05/2022
electricireland.payzone.ie: GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 valid to 08/01/2023
electricirelandsmartpayments.paypoint.com: ESBSSLinspection.esb.ie valid to 20/10/2022
You can verify that the page is secure by making sure the page address starts with https://, looking for a padlock icon in your browser as well as a range of other visible signs. Some common examples are shown below.
If you are on an official Electric Ireland page you will see a padlock in the address bar. Clicking on it will bring up details on your connection that will tell you whether the website is verified or not. The below examples verify that the current session is connected to electricireland.ie and that the identity of the website has been verified.
Examples of recent phishing emails
Below are a selection of phishing emails that have previously been in circulation, which will give you a better sense of what to look out for.
In these examples both buttons linked to non-official Electric Ireland websites. You can verify this by checking the address of any website you visit in the address bar of your browser. The official address for our online billing portal is https://youraccountonline.electricireland.ie.
In this example, the header contains suspicious and unrelated addresses such as ‘fsa-central-district.net’. The sender address is also a variation of the official Powering Rewards website – ‘powerinrewards.ie’ (Note the absence of a ‘g’ in the word powering). If the header contains suspicious and unrelated addresses similar to this, delete the message.