Two emails from PGE that will ruin your wallet. Watch out for a new trap

The attack is unusual because it consists of two email messages, which is supposed to lull the victim's vigilance and make the whole situation more credible.

What does an attack on PGE look like?

The first email is a message with the title “Settlement of the energy price freeze program”, which allegedly comes from the Energy Settlements Department of the Ministry of Climate and Environment. It informs the recipient of the need to adjust settlements for the second half of 2025 due to changes in the G12 tariff.

The second, follow-up email has the subject “Clarification and correction of the fee calculation” and explains that there was an error in the system and that domestic customers were wrongly charged a reactive power fee, which applies only to companies:

We would like to inform you about the correction of the settlement regarding the reactive power fee for the period August–December 2025. An audit of the invoicing system showed that the reactive power fee was incorrectly calculated for some residential customers. According to the current tariff for households, this fee should apply only to industrial customers.

Both emails contain a “Verify registration data” button through which you can supposedly apply for a refund. Users are asked to provide their details along with their bank card details. Of course, this is a scam that may result in you losing money from your account.

An interesting aspect of this attack is that the fake login page only loads for mobile device users. People clicking the link on their computer will not see dangerous content. Why did fraudsters use such a trick?

CERT Orange Polska explains that smartphone users are more vulnerable to such attacks. The address bar in mobile browsers is short and often disappears after scrolling down the page, making URL verification much more difficult. Additionally, this trick helps criminals bypass some systems that automatically block malicious websites.
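For teams that triage reported links, the mobile-only behaviour described above means a single desktop fetch is not enough. The following added example (not from CERT Orange Polska or the original article) compares what a URL returns to a desktop and a mobile browser identity and reports mobile-only forms; the URL, the card field-name list and the sample responses are constructed assumptions, and `fetch` stands in for a real HTTP client.

```python
import re
from typing import Callable, Tuple

Response = Tuple[int, str]  # (HTTP status, body)

# Assumed probe identities; any current desktop/mobile browser strings work.
PROFILES = {
    "desktop": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "mobile": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) "
              "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 "
              "Mobile/15E148 Safari/604.1",
}

# Input fields that typically collect payment card data (heuristic list).
CARD_FIELD = re.compile(
    r"<input[^>]*\b(?:name|autocomplete)\s*=\s*[\"']?"
    r"(?:cc-number|cardnumber|card_number|cvv|cc-csc)\b", re.I)

def features(resp: Response) -> dict:
    status, body = resp
    return {"status": status,
            "has_form": bool(re.search(r"<form\b", body, re.I)),
            "asks_card": bool(CARD_FIELD.search(body))}

def check_cloaking(url: str, fetch: Callable[[str, str], Response]) -> dict:
    """Fetch url once per profile and report content gated on User-Agent."""
    seen = {name: features(fetch(url, ua)) for name, ua in PROFILES.items()}
    desktop, mobile = seen["desktop"], seen["mobile"]
    reasons = []
    if desktop["status"] != mobile["status"]:
        reasons.append(f"status differs: desktop {desktop['status']}, mobile {mobile['status']}")
    if mobile["has_form"] and not desktop["has_form"]:
        reasons.append("form served to mobile profile only")
    if mobile["asks_card"] and not desktop["asks_card"]:
        reasons.append("card fields served to mobile profile only")
    return {"url": url, "cloaked": bool(reasons), "reasons": reasons}

# Constructed responses standing in for real HTTP fetches (offline sample).
def constructed_gated_fetch(url: str, user_agent: str) -> Response:
    if "Mobile" in user_agent:
        return 200, '<form method="post"><input name="cardnumber"><input name="cvv"></form>'
    return 404, "<h1>Not Found</h1>"

def constructed_plain_fetch(url: str, user_agent: str) -> Response:
    return 200, "<p>Tariff information</p>"

if __name__ == "__main__":
    for fetch in (constructed_gated_fetch, constructed_plain_fetch):
        print(check_cloaking("https://refund.example/verify", fetch))
```

A page that answers both identities the same way is not flagged; a difference is a reason for manual review, not proof of fraud, since legitimate sites also serve separate mobile layouts.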

Providing your data on a fake website, especially your bank card details, ends with passing them straight into the hands of fraudsters, which may lead to the loss of funds from the account. You should be vigilant and never provide your login or card details after clicking on an email link.
