This threat report details an active phishing campaign identified from the provided screenshot, targeting customers of the “Electric Networks of Armenia” (Հայաստանի էլեկտրական ցանցեր) as of April 13, 2026.
1. Overview & Reputation
The screenshot depicts a social engineering attack delivered via the Viber messaging platform. The message, written in Armenian, impersonates the official electricity provider “Electric Networks of Armenia”.
- Sender Identity: The message originates from the phone number +995 595 451127 (a Georgian country code).
- Malicious URL: The message directs users to https://hec-armenia.netlify[.]app/.
- Reputation: The domain uses a free hosting service (Netlify), which is highly atypical for official government or utility portals. Security experts have verified this specific URL and campaign as fraudulent as of April 2026.
2. Observed Malicious Activities & Associations
The campaign utilizes Smishing (SMS/Messenger Phishing) and high-pressure social engineering tactics to harvest financial credentials.
- Lure & Urgency: The message claims the recipient has an outstanding debt of 460 AMD and threatens an automatic service suspension if payment is not made within one hour. This artificial urgency is designed to prevent the victim from verifying the claim.
- Credential Harvesting: The phishing site at hec-armenia.netlify.app is designed to mimic a legitimate payment portal. It prompts victims to enter sensitive bank card details, including card numbers and CVV codes, which are then exfiltrated to the attackers.
- Infrastructure Associations: While this specific campaign is locally targeted, similar “Operational Technology Phishing Roundups” frequently observe credential harvesting toolkits like PHISHERY being used to target the energy sector.
3. Practical Mitigation Recommendations
Based on the high-confidence identification of this as a phishing attempt, the following actions are recommended:
- Immediate Avoidance: Do not click the link or interact with the sender. Legitimate utility companies in Armenia do not facilitate payments through links sent via messaging apps.
- Network Security: Organizations should block the domain hec-armenia.netlify.app at the firewall and DNS levels.
- Incident Response: If card details were already entered, contact the issuing bank immediately to freeze the account and monitor for unauthorized transactions.
- Reporting: Report the malicious URL to Google Safe Browsing to protect other users.
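
For the Network Security recommendation above, the matching logic matters because the host sits on a shared hosting platform: a rule has to catch the reported host in every form it appears in logs without blocking unrelated sites under the same parent domain. The following Python sketch is an added example, not part of the original report; the function names and the sample log entries are constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicator from the report, stored defanged as the report prints it.
BLOCKED_HOSTS = ["hec-armenia.netlify[.]app"]

def refang(value: str) -> str:
    """Undo common defanging so indicators and log entries compare equal."""
    return (value.replace("[.]", ".").replace("(.)", ".")
                 .replace("hxxps://", "https://").replace("hxxp://", "http://"))

def host_of(entry: str) -> str:
    """Extract a normalized hostname from a URL or a bare DNS name."""
    entry = refang(entry.strip())
    if "://" not in entry:
        entry = "//" + entry              # lets urlsplit parse bare hostnames
    try:
        host = urlsplit(entry).hostname or ""
    except ValueError:                    # malformed entry: treat as no host
        return ""
    return host.rstrip(".").lower()       # drop DNS root dot, ignore case

def is_blocked(entry: str, blocked=BLOCKED_HOSTS) -> bool:
    """True for a blocked host or any name beneath it. Look-alikes that only
    embed the name, and other sites on the same platform, do not match."""
    host = host_of(entry)
    if not host:
        return False
    for indicator in blocked:
        bad = host_of(indicator)
        if host == bad or host.endswith("." + bad):
            return True
    return False

# Constructed sample entries (not real telemetry); the path is made up.
SAMPLE_LOG = [
    "https://hec-armenia.netlify[.]app/",            # defanged, as reported
    "HEC-ARMENIA.netlify.app.",                      # DNS query, root dot
    "https://hec-armenia.netlify.app:443/pay?id=1",  # proxy log with port
    "https://other-site.netlify.app/",               # unrelated tenant
    "https://hec-armenia.netlify.app.example.net/",  # embeds the name only
    "netlify.app",                                   # shared parent domain
]

def scan(entries):
    """Return the entries that should be blocked or alerted on."""
    return [e for e in entries if is_blocked(e)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("BLOCK", hit)
```
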