Utilities Fraud – A new wave of sophisticated utilities fraud is targeting UK businesses, using advanced deception to impersonate water and energy suppliers. This guide explains the current threats your business faces, from fake utility bills to complex phone scams, and provides an actionable framework to keep your organisation safe.
A Perfect Storm – Why Utility Bill Scams Are on the Rise in the UK
Regulatory change, public distrust, and data insecurity have created a perfect storm for fraudsters committing utilities fraud, particularly within the UK’s energy and water sectors. Cybercriminals are strategically weaponizing the current climate of confusion to launch highly effective financial attacks against businesses.
The core of the issue lies in the widespread public discussion around utility costs. Regulators like Ofwat have approved significant price increases for the 2025-2030 period to fund massive infrastructure overhauls. With average bills set to rise substantially, businesses are already anticipating communications about new charges and tariffs. A fraudulent email about a “catch-up bill” or “billing error” can therefore seem plausible, arriving as an expected, if unwelcome, piece of correspondence.
This financial uncertainty is amplified by a crisis of confidence in some utility companies. High-profile fines and enforcement actions dominate headlines, creating a narrative of a “broken” industry. This can inadvertently lower a finance team’s guard; a confusing or demanding email might be dismissed as supplier incompetence rather than identified as a malicious attack.
Compounding this is the tangible fear around data security. Billing and charging issues are a leading cause of complaints to consumer watchdogs, and there have been alarming reports of sensitive business utility data, such as Supply Point IDs (SPIDs), Meter Point Administration Numbers (MPANs) and Meter Point Reference Numbers (MPRNs), along with customer details, being offered for sale online. For a fraudster, these are the final piece of the puzzle, giving them the exact data needed to make their utilities fraud communications perfectly convincing.
The Scammer’s Toolkit: How Utilities Fraud Attacks Work
Fraudsters now use a multi-channel approach, combining deceptive emails with sophisticated phone calls to create a powerful and convincing attack.
Fake Emails and Lookalike Domains
One of the most deceptive tactics is the use of lookalike email domains. Scammers register website addresses that are almost identical to your real supplier’s, often with just a single character or additional word changed (for example ‘thebusinessstream.co.uk’ instead of ‘business-stream.co.uk’). Because they technically own this fraudulent domain, their emails can be set up to look legitimate and bypass basic security filters that are designed to block simple forgeries.
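The lookalike-domain check described above can be automated at the mail gateway or in an accounts-payable inbox. The Python below is an added example, not part of the original guide or any supplier's tooling; `TRUSTED`, `squash` and `classify_sender` are hypothetical names, and every sample address other than the page's own pair of domains is constructed.

```python
import re

# Assumption: the domains your suppliers really send from, taken from your own records.
TRUSTED = {"business-stream.co.uk"}


def squash(label):
    """Drop hyphens and other punctuation so 'business-stream' == 'businessstream'."""
    return re.sub(r"[^a-z0-9]", "", label.lower())


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for an email sender address."""
    domain = address.rsplit("@", 1)[-1].strip(" <>\t").lower().rstrip(".")
    # Exact match, or a genuine subdomain of a trusted domain.
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    # Compare every label, so a brand hidden in a subdomain is also caught.
    for good in trusted:
        brand = squash(good.split(".")[0])
        for label in domain.split("."):
            candidate = squash(label)
            # Brand with words added around it, or within one character of it.
            if brand in candidate or edit_distance(candidate, brand) <= 1:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    samples = [  # constructed sender addresses
        "accounts@business-stream.co.uk",
        "accounts@thebusinessstream.co.uk",
        "accounts@busines-stream.co.uk",
        "accounts@business-stream.co.uk.payments.example",
        "hello@example.org",
    ]
    for sender in samples:
        print(f"{sender:50} {classify_sender(sender)}")
```

Treat a `lookalike` result as a trigger for out-of-band verification rather than proof of fraud, since short brand names will produce false positives.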
The technical side of email security is complex. Ensuring your business is protected from these sophisticated attacks requires specialist knowledge. This is where our sister company, Black Sheep Support, excels. They are experts in cybersecurity and can help secure your email platforms, domains and IT infrastructure against these advanced threats.
Phone Spoofing and Voice Scams
In utilities fraud campaigns, fraudsters are increasingly layering their attacks, combining convincing emails with sophisticated phone-based fraud, a practice known as “vishing” (voice phishing). This multi-channel approach dramatically increases an attack’s believability.
At the heart of this threat is Caller ID spoofing, where criminals deliberately falsify the phone number displayed on your device. Using modern technology, they can easily make a call appear to come from a trusted source, such as your energy supplier or even your bank. Armed with customer lists from data breaches, they can target your business knowing exactly which supplier to impersonate.
These attacks often unfold in two ways:
- AI-Powered Robocalls: Scammers deploy automated systems, sometimes using AI-cloned voices, to call every customer on a stolen list. The call, appearing to be from a legitimate supplier, will create a false sense of urgency—for example, claiming that direct debit details must be updated immediately—to pressure an employee into revealing sensitive banking information.
- The Change of Tenancy Broker Scam: This is a more intricate, multi-stage attack. A fraudster calls from a spoofed supplier number and falsely claims that your rates are about to increase. They then offer a fraudulent solution: a “Change of Tenancy” to exit the current contract and switch to a new supplier. The scammer offers to connect you to a “recommended broker.” If you say you already use a broker, they will ask for the name, hang up, and then call back moments later, this time spoofing the number of your trusted broker. Believing you are speaking to your legitimate partner, you might agree to the switch, provide new bank details, and the fraudster successfully claims commission payments from the new supplier, leaving your business in a contractual mess.
A Real-World Example: The Ofgem Investigation into Maxen Power
The risks associated with these tactics are not theoretical. In December 2024, the energy regulator Ofgem concluded a major investigation into the supplier Maxen Power, highlighting serious failures that left business customers vulnerable.
Ofgem’s investigation found that Maxen Power’s weak systems allowed third-party representatives to sign up new customers without their consent, sometimes by falsely claiming to work for other suppliers. A key area of concern was the company’s “Change of Tenancy” (CoT) policy. Ofgem found that the supplier placed unreasonable requirements on businesses, demanding a large number of documents to process a simple change of tenancy.
This difficult process created a serious risk for businesses. The time taken to gather the required documents could lead to tenants being trapped on expensive “deemed rate” tariffs, causing debt to build up and making it difficult to switch to a different supplier. The investigation revealed that the majority of complaints against the company were for mis-selling, poor communication, and difficulties with the change of tenancy process.
As a result of these licence breaches, Maxen Power was required to pay £1.65 million to a voluntary redress fund and overhaul its policies to protect customers. In a statement, Ofgem’s deputy director of enforcement, Dominic Alexander, said, “Our duty is to protect energy consumers, and we expect all suppliers to look out for their customers and treat them fairly. But it’s clear that Maxen Power fell significantly short of our standards”. This case is a stark reminder of how complex supplier processes and poor oversight can be exploited as part of utilities fraud campaigns, causing direct financial harm to businesses.
Choosing the Right Partner to Defend Against Utility Fraud
In this high-risk environment, businesses need a specialist partner with expertise in both the utility markets and the cybersecurity landscape to help protect them from Utilities Fraud. The energy regulator, Ofgem, has acknowledged that some Third-Party Intermediaries (TPIs) have failed to meet the standards businesses expect, prompting a move towards greater regulation to improve consumer protection and trust.
This is where a partner’s commitment to industry standards becomes a crucial differentiator. Black Sheep Utilities is an active and respected participant in Ofgem’s TPI working groups, helping to shape the codes of practice designed to protect businesses across the UK. This involvement provides an unparalleled perspective on market direction and a clear indicator of credibility and commitment to ethical conduct.
However, understanding regulation is only half the battle. Through our strategic partnership with cybersecurity specialists at Black Sheep Support, we offer a holistic approach to risk management that helps protect against utilities fraud. Our integrated team understands both the pretext of the scam (a complex utility bill) and the method (a sophisticated email and phone attack). This dual expertise allows us to provide a comprehensive defence strategy that addresses the entire threat.
An Actionable Checklist for Preventing Utilities Fraud
Because these attacks are designed to exploit people, the most resilient organisations build a defence-in-depth strategy that fortifies processes and empowers employees.
Here are the critical internal controls every business must implement to prevent utility fraud:
- Partner with a Trusted Broker: Instead of dealing directly with multiple suppliers, use a dedicated utility broker like Black Sheep Utilities as your single point of contact. This provides a powerful, expert filter between your business and potential fraudsters. All legitimate supplier communications—from billing queries to contract renewals—are channelled through us first. We handle the verification, so your finance team is no longer the frontline defence. Any “supplier” who contacts you directly immediately becomes a red flag, simplifying your internal security procedures and adding a professional layer of protection.
- Mandate Independent Verification: Institute a strict policy that any request to change supplier bank details—whether received via email or phone—must be verified out-of-band. This means hanging up and calling a known, trusted contact at the supplier using a phone number from your existing records, not one provided in the suspicious communication.
- Enforce Segregation of Duties: Ensure that no single person can both amend vendor payment details and approve payments. This separation makes it significantly harder for an attacker to succeed.
- Conduct Continuous, Targeted Training: Your finance and procurement teams need regular training on how to spot the signs of utility scams, recognise the psychological tactics used, and understand their role as a human firewall for the organisation.
Take Action to Secure Your Business from Utilities Fraud
The threats are real and the financial and reputational costs of an attack are severe. Your organisation may have hidden vulnerabilities where your utility management and financial processes intersect.
Black Sheep Utilities, in partnership with Black Sheep Support, provides an extra layer of defence for all our customers. Our integrated team of utility market and cybersecurity experts is on hand to assess utilities fraud threats. Like any good shepherd, we protect our flock; we are, after all, ‘Outstanding in our field’!
Book an appointment to discuss any security concerns or to speak to one of our experts about your next Water, Energy or IT contract.
What’s the first thing I should do if I receive a suspicious utility bill or phone call?
Stop, and do not take any immediate action. Do not click on any links, download attachments, or provide any personal or financial information. If it’s a phone call, hang up immediately. The goal of scammers is to create a sense of urgency to make you act without thinking. The next step is to let us know so we can independently verify the authenticity of the communication with your supplier.
How can I spot a fake utility email?
Look for red flags like an email address that is slightly different from your supplier’s official one (e.g., an extra hyphen or a misspelling). Be wary of urgent language demanding immediate payment, threats of disconnection, poor grammar, and unexpected attachments or links. Always verify the request by contacting your supplier or broker through a known, trusted channel.
What are the signs of a utility phone scam?
The caller might ask for payment via unusual methods like bank transfer or gift cards. Scammers can also spoof their phone number to make it look like they are calling from a legitimate company. If you have any doubt, hang up and call your supplier or broker back on a number you have on file.
How does using a broker like Black Sheep Utilities provide an extra layer of protection?
Using a dedicated broker means you have a single, trusted point of contact for all your utility needs. We act as an expert filter, managing communications with your suppliers. This means any “supplier” who contacts your business directly should be treated as an immediate red flag. It simplifies your security process, as your team only needs to verify communications with us, not with multiple different suppliers.
Are these scams limited to just energy or water bills?
These scams can target any utility service, including both energy (gas and electricity) and water. Fraudsters will impersonate any trusted organisation to try and deceive you. The tactics, such as fake invoices and urgent payment demands, are the same regardless of the utility type.
What is a “Change of Tenancy” scam and how does it work?
This is a complex scam where a fraudster, pretending to be your supplier, convinces you that your rates are increasing and that you can escape your contract by processing a “Change of Tenancy.” They may then impersonate a broker to switch you to a new supplier, stealing your details and fraudulently claiming commission. This tactic was a key concern in Ofgem’s investigation into Maxen Power, where difficult CoT processes left businesses vulnerable.
I think my business has already paid a fraudulent invoice. What should I do?
If you believe you have been a victim of fraud, act immediately. First, contact your bank to report the payment and see if it can be stopped or recovered. Then, you should report the incident to Action Fraud, the UK’s national reporting centre for fraud and cybercrime.
I’m not a Black Sheep Utilities customer. Can you still help me if I’ve received something suspicious?
Yes, absolutely. We are committed to helping all businesses stay safe. If you have received a suspicious email or call, you can book an appointment with our team for a no-obligation review. We can help you determine if it’s legitimate and advise on the next steps.


