Beware!
National Information Solutions Cooperative, Inc. (NISC) informed Valley Rural Electric Cooperative (REC) and other cooperatives that scammers are using phishing campaigns that imitate the SmartHub® log-in or landing page in order to obtain personal and financial information.
What is a phishing campaign?
A phishing email or text is a fake message designed by cybercriminals to look like a real message from a person, organization, or business that you might know. The scammers hope that familiarity or urgency will cause you to lower your guard and click on a bogus link or attachment to steal your personal or financial data or to install a virus.
What is SmartHub?
Created by NISC, SmartHub is Valley REC's electronic account presentment and payment software. For more information about SmartHub, visit our SmartHub Overview page.
What are the details of the SmartHub phishing scam?
Members of an electric cooperative that uses NISC's SmartHub software reported that they received an email containing a link to a page impersonating the SmartHub log-in page. This fake page seemed legitimate and included the SmartHub logo and the cooperative's logo.
However, the web address or URL (Uniform Resource Locator) for the page was not the correct one for the real SmartHub log-in page. This was the first red flag that the site was not legitimate.
After logging in, a person was then prompted to enter a variety of sensitive data, including name, address, credit card number, expiration date, card security code, date of birth, mother's maiden name, and social security number. The last three items were definitely not needed to make a payment in SmartHub. This was another red flag that this was a scam.
How can you protect yourself?
If you use SmartHub and have not activated multi-factor (or two-factor) authentication, you can activate it to prevent hackers or scammers from gaining access to your SmartHub account. Multi-factor authentication requires that you provide more than one form of authentication (often a code sent to you) to access your account.
Be wary of text messages or emails with attachments or suspicious links. Do not open attachments or click links unless you are expecting the message, know the sender, and are certain the content is safe. Learn how to determine if a Valley REC or SmartHub message or website is legitimate.
If our SmartHub log-in screen does not look like the image above, a green background with the SmartHub logo and white entry boxes for Email address and Password, then it is likely a fake. Our Pay Now screen looks very similar to the log-in screen. The phrase "Welcome to the Pay Now Site" appears under the logo, and the Email and Password boxes are replaced with Account Number and Last Name or Business Name boxes. However, scammers could try to create look-a-like versions of these screens, so you need to do more investigating. Check for grammar, punctuation, or spelling errors. Also, double check the link that brought you to the screen to make certain it is legitimate.
How can you tell if an email or text claiming to be from Valley REC or SmartHub is legitimate and not a scam?
- If you are not a member of Valley REC, or if you are not signing up for service with the co-op or doing business with the co-op, then the message is probably a scam. We do not send emails or texts to non-members or folks who have not contacted us.
- If you are a member of Valley REC or doing business with the co-op but did not ask to receive emails or texts from us or from SmartHub, then the message is probably a scam. We only send messages to members who have chosen to receive them or to people who have contacted us.
- If you are a member of Valley REC or doing business with the co-op and have chosen to receive messages from us, check the email address of the sender. It should end with @smarthub.coop or @valleyrec.com. If that is not the case, then the message is likely a scam.
- If you are still suspicious or unsure about the message, call us toll-free at 1-800-432-0680 during normal business hours to discuss the matter.
How can you tell if a website is a legitimate Valley REC site or a legitimate SmartHub site?
If you are told to click on a link to pay your bill or to take you to the co-op's website or the SmartHub site, move your mouse over the link but do not click the link. Wait for a pop-up box to appear showing the web address of the link. To be a valid link, it should start with https and should be one of the following. Make certain that the spelling and punctuation match.
- Valley REC website
https://www.valleyrec.com
This might be followed by additional text if the link is taking you to a specific page of our website. - Pay Now
https://valleyrec.smarthub.coop/PayNow.html or
https://valleyrec.smarthub.coop/ui/#/paynow - View and Pay Bill | SmartHub | Log In
https://valleyrec.smarthub.coop/ or
https://valleyrec.smarthub.coop/ui/#/login - Start New Service | Sign Up For New Service
https://valleyrec.smarthub.coop/Login.html#newconnect or
https://valleyrec.smarthub.coop/ui/#/newConnect/serviceLocation - Register Now | Account Registration
https://valleyrec.smarthub.coop/ui/#/registration - Access Your Account | Account Access
https://valleyrec.smarthub.coop/ui/#/accountAccess
Always remember, if you suspect an email, text, or link might be fake, do not reply or click. Call us toll-free at 1-800-432-0680 during normal business hours to verify that we sent the message.
For more information on spotting and avoiding scams, check out the article National Slam The Scam Day.