
Screenshot of a Repsol phishing website repsolhub[.]buzz | Image: Silent Push
A sprawling phishing and scam operation, dubbed “Power Parasites” by the threat analysts at Silent Push, is leveraging the credibility of major energy and tech brands to lure unsuspecting individuals—particularly in Bangladesh, Nepal, and India—into fraudulent job and investment schemes.
Operating across deceptive websites, Telegram channels, and social media groups, this campaign targets brands like Siemens Energy, Schneider Electric, Repsol S.A., Starlink, Netflix, and others, impersonating their logos, platforms, and executives to facilitate financial fraud and identity theft.
The campaign rose to broader attention in late 2024, when Siemens Energy publicly warned users on Facebook of scam pages misusing its name to promote pyramid investment and fake job offers:
“We strongly advise the public to refrain from investing or depositing money on any social media or offline platforms claiming to be associated with Siemens Energy.”
Victims receive realistic-looking employment agreements demanding sensitive personal details such as:
- Bank account number & IFSC code
- Passport & birth certificate copies
- A void cheque
“The threat actor requests that the applicant… provide a ‘Bank account number & Bank IFSC Code’ along with passport… and a ‘void cheque.’”
These requests are framed as “joining formalities” for roles that do not exist.
Silent Push analysts mapped over 150 domains as part of this infrastructure, with naming conventions centered around keywords like se-, amd-, renewables, biz, and top.
Examples include:
- se-renewables[.]info
- amdtop[.]vip
- sehub[.]top
- repsolhub[.]buzz
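For brand protection teams, the naming convention above can be turned into a simple triage filter over newly observed domains. The sketch below is an added example, not Silent Push's tooling: the scoring rule, the bare-prefix match and the allowlist are assumptions, and the benign sample names are constructed.

```python
# Naming keywords the article attributes to the cluster.
PREFIXES = ("se", "amd")                 # listed in the article as "se-" and "amd-"
KEYWORDS = ("renewables", "biz", "top")
# Brand substrings for companies the article names as impersonated.
BRANDS = ("siemens", "schneider", "repsol", "starlink", "netflix")
# Assumption: illustrative allowlist; a real deployment would load the
# brand owner's own inventory of registered domains.
ALLOWLIST = {"repsol.com", "siemens-energy.com"}


def refang(domain: str) -> str:
    """Turn a defanged indicator such as 'sehub[.]top' into 'sehub.top'."""
    return domain.strip().lower().replace("[.]", ".")


def signals(domain: str) -> list[str]:
    """Return the reasons a registrable domain resembles the pattern."""
    host = refang(domain)
    if host in ALLOWLIST:
        return []
    label, _, tld = host.rpartition(".")
    found = [f"brand:{b}" for b in BRANDS if b in label]
    for prefix in PREFIXES:
        # The hyphenated form is what the article lists; the bare form is an
        # assumption drawn from its examples (amdtop, sehub).
        if label.startswith(prefix + "-"):
            found.append(f"prefix:{prefix}-")
        elif label.startswith(prefix):
            found.append(f"prefix-loose:{prefix}")
    for kw in KEYWORDS:
        if kw in label or kw == tld:
            found.append(f"keyword:{kw}")
    return found


def needs_review(domain: str) -> bool:
    """Flag on any brand hit, or on two or more naming signals together."""
    found = signals(domain)
    return any(s.startswith("brand:") for s in found) or len(found) >= 2


# The four domains quoted in the article, plus constructed benign names.
SAMPLES = ["se-renewables[.]info", "amdtop[.]vip", "sehub[.]top",
           "repsolhub[.]buzz", "repsol.com",
           "laptop-reviews.example", "security-news.example"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{d:26} review={needs_review(d)} {signals(d)}")
```

Requiring two naming signals keeps short prefixes like "se" from flagging every unrelated domain; a hit is a prompt for analyst review, not proof of attribution to this campaign.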
Domains often featured login pages with “Invitation code” fields, a common tactic in investment fraud to discourage outside inspection:
“The ‘Invitation code’ field… is used to make it more difficult for defenders to investigate… without being directly contacted by website operators.”
Promotion of these scams isn’t limited to dark corners of the internet. The campaign has been actively advertised via YouTube, with videos aimed at Bangladeshi and Indian audiences encouraging viewers to “Earn free money from new sites.”
“A second YouTube video… titled in Bangla: ‘Earn free money from new sites’” linked directly to scam domains.
In addition, Telegram channels spoofing Siemens Energy were used to funnel victims into scam websites, although most have since been banned.
While many campaigns fall into the broader category of “pig-butchering” scams (a term originally coined for long-term investment frauds where scammers “fatten” victims with fake gains), Power Parasites adds a layer of eco-credibility by targeting renewable energy and clean tech brands. Victims are led to believe they are participating in green investments or prestigious tech job offers. In practice, the scam sites were essentially additional financial phishing content gated behind a login.
Repsol and Suncor Energy have both issued public warnings:
“Repsol never requires payment to be involved in a Company recruitment process… It is not common practice to request personal information… by email or telephone.”
Meanwhile, the U.K. Financial Conduct Authority flagged a domain, repsolgain[.]com, as a fraudulent investment platform misusing the Repsol brand.
Interestingly, Silent Push researchers believe this specific domain may be part of a separate campaign, distinct from the main Power Parasites operation, based on technical and visual differences.
Power Parasites is more than just another scam campaign. It’s a multi-language, multinational operation exploiting the reputations of trusted global brands for monetary gain. With over 150 domains and dozens of platforms compromised or mimicked, this is a call to arms for brand protection teams and cybersecurity defenders alike.