A substantial portion of critical information infrastructures in advanced economies comprises former public utilities, which in the 1980s/90s were fully or partially privatized, a change justified mainly on economic efficiency grounds. This entailed that these utility companies had to compete in the free market, thus being exposed to the same risks/opportunities as private companies. Much like businesses in other industrial sectors, utility companies have increasingly joined social media over the last decade, as ‘digital’ visibility through social networking platforms, such as Facebook, Twitter, and Instagram has become fundamental. The new (privatized) utilities have relied on marketing and ad campaigns to promote their business and generate revenues. Trust and reputation for companies are primary resources to attract new customers and/or keep old ones, especially for companies with a wide customer base. Trust and reputation are difficult assets to preserve on social media, as they can be subject to negative attacks, including fake campaigns. This paper is a probe that explores a potential attack vector to critical infrastructures via weakening customer and investor trust in (the now private) utilities by blemishing CII-utilities’ reputation on social media. More specifically, the paper considers the possibility of attacks that have the potential to undermine the stability and reliability of critical infrastructures and advances a preliminary justification of why that may happen. We do this by looking at cases in which negative social media campaigns with fake content have been successfully implemented via digital tools.