More winter woes: Utility-bill scams

Amit Basu Photography | Flickr | Getty Images

That email from your power company—the one that looks like a billing statement—could be bogus. And if you click on the link, you could be in for a nasty surprise.

"Electric utilities across the country—from Florida to Washington—have reported customers being targeted by these malicious emails," said Jon Corley, with the Edison Electric Institute, a trade group that represents investor-owned U.S. electric companies.

The fake billing notice emails may arrive as simple text sent from the "Energy Billing Service" or more graphically pleasing HTML that includes the logo of a real utility, although not necessarily your power company. That should be a red flag that something's wrong.

PG&E, a big West Coast utility, recently warned that its logo was used on many of these scam billings.

(Read more: How the 'one ring scam' can cost you money)

"It's unacceptable that someone is trying to take advantage of our customers and others," PG&E senior vice president Helen Burt said in a statement.

Here's one fake bill, according to PG&E:

The scammers want you to click on a link in the email that will supposedly let you view your most recent bill. They hope the large amount due—often $500 or more—will get you to do that.

Click on the link and you may be directed to a scam website designed to steal your personal information. Or you might install malicious software—a Zeus Trojan—onto your computer.

"It's very, very dangerous," said Paula Selis, senior counsel for the High Tech Unit of the Washington State attorney general's office. "It can also download other malware, so it could reach out and find other bad files and also install them on your computer."

And here's the real scary part: You could download this malicious software and never know it.

(Read more: Identity theft rises as crooks get more creative)

"Unlike the old days, these malicious programs don't necessarily make your computer slow down or run any differently," noted Chester Wisniewski, a senior security advisor at Sophos. "It's designed to be stealthy and do its dirty work in the background."

Your best weapon against phone scams
Your best weapon against phone scams

A number of utilities, including Southern California Edison, have warned that some of these fraudulent emails claim the customer has past due bills and threaten to disconnect the service if the bogus bill isn't paid. In the midst of a brutal winter, that is certain to increase the number of people who click on the embedded link to find out more.

"We would never send our customers an email that says pay immediately or we'll turn off your power," said Marlyn Denter, the utility's manager of consumer affairs.

The Edison Electric Institute points out that if you fall behind on your electric bills, you'll receive written notices of a possible disconnection and how to prevent it. (Read its consumer alert: New Email Scam Targets Utility Customers)

(Read more: Why some of us are more vulnerable to online fraud)

The bottom line: If an email with a utility bill lands in your inbox and it looks different from your normal bill, has an unfamiliar address or is from a different utility company, delete it right away. Don't click on the link. If you want to know more, call your utility's customer service line.

While this is the latest utility-related scam, it's certainly not the only one. Con artists are still targeting small businesses over the phone. They pretend to be with the electric company and claim the power will be shut off immediately if payment isn't made right away via Green Dot prepaid debit cards. Victims in this scam have been taken for thousands of dollars.

—By CNBC contributor Herb Weisbaum. Follow him on Facebook and Twitter @TheConsumerman or visit The ConsumerMan website.