Two emails from PGE that will ruin your wallet. Watch out for a new trap

The attack is unusual because it consists of two e-mail messages, which is intended to lull the victim’s vigilance and make the entire situation credible.

The first e-mail is a message with the title “Settlement of the energy price freeze program”, which allegedly comes from the Energy Settlements Department of the Ministry of Climate and Environment. It informs about the need to adjust the settlements for the second half of 2025 due to changes in the G12 tariff.

The second follow-up email has the subject “Clarification and correction of billing” and explains that there was an error in the system and residential customers were wrongly charged a reactive power fee that only applies to businesses:

We would like to inform you about the correction of the settlement regarding the reactive power fee for the period August–December 2025. An audit of the invoicing system showed that the reactive power fee was incorrectly calculated for some residential customers. According to the current tariff for households, this fee should apply only to industrial customers.

Both emails contain a “Verify registration data” button, under which you can allegedly apply for a refund. Users are asked to provide their details along with their bank card details. Of course, this is a scam that may result in you losing money from your account.

An interesting aspect of this attack is that the fake login page only loads for mobile device users. People clicking the link on their computer will not see the dangerous content. Why did fraudsters use such a trick?

CERT Orange Polska explains that smartphone users are more vulnerable to such attacks. The address bar in mobile browsers is short and often disappears after scrolling down the page, making URL verification much more difficult. Additionally, this procedure helps criminals bypass some systems that automatically block malicious websites.