Smart meters are increasingly being deployed to measure electricity consumption of residential as well as non-residential consumers. The readings reported by these meters form a time series, which is stored at electric utility servers for billing purposes. Invalid readings may be reported because of malicious compromise of the smart meters themselves, or of the network infrastructure that supports their communications. Although many of these meters come equipped with encrypted communications, they may potentially be vulnerable to cyber intrusions. Therefore, there is a need for an additional layer of validation to detect these intrusion attempts. In this paper, we make three contributions. First, we show that the ARMA model proposed in the anomaly detection literature is unsuitable for electricity consumption as most consumers exhibit non-stationary consumption behavior. We use automated model fitting methods from the literature to show that first-order differencing of these non-stationary readings makes them weakly stationary. Thus, we propose the use of ARIMA forecasting methods for validating consumption readings. Second, we evaluate the effectiveness of ARIMA forecasting in the context of a specific attack model, where smart meter readings are modified to steal electricity. Third, we propose additional checks on mean and variance that can mitigate the total amount of electricity that can be stolen by an attacker by 77.46%. Our evaluation is based on a real, open dataset of readings obtained from 450 consumer meters.