In the past few days, we’ve noticed an increase in the number of ‘phishing’ emails being received by BT customers. Here’s how to spot them.
Phishing is a type of scam where a message is designed to look as if it is from a genuine company, to try to trick you into giving out private information like passwords or account numbers. Most phishing is done by email, but it can also come through a text message sent to your smartphone.
We want to make sure that our customers are aware of suspicious emails and take the appropriate action. Emails can be faked, so just because an email appears to have come from a BT email address like firstname.lastname@example.org, it might not really be from BT.
If we have genuinely sent you an email about your account, the link is likely to be to an address which starts with one of the following:
If you’re concerned at all, just don’t click on any links in an email or reply to it, especially if it’s about confirming or updating your personal or billing details. You can always safely sign in to see details of your account at www.bt.com/mybt.
You should generally be suspicious of any email which:
- Asks you to ‘verify your account’
- Has an unknown address or ‘undisclosed recipients’ in the ‘To’ and ‘From’ fields
- Asks you to provide personal information such as bank details, addresses, passwords and usernames which could be used to commit fraud or steal your money
Here are some clues to look out for:
- Does the email use your name? It’s rather unlikely your bank would start an email with “Dear customer”
- Is the email trying to create a sense of urgency or panic? A common tactic
- Has it come from an organisation you’re doing business with now, or have done in the past? If so, just visit their site via your usual method. Never use links provided in the email
- Did the email come out of the blue? If you’re not expecting a parcel, or haven’t placed an order, be suspicious. Don’t be tempted to reply
- Is the email grammatically correct and is the formatting of images correct? Large organisations don’t normally send emails with poor grammar, spelling or content
Phishing emails can be hard to spot. They’re designed to look like real emails from real organisations. If you’re unsure, delete it.
Here’s an example of a recently received phishing email. The suspicious links within the phishing email are highlighted in blue:
It’s possible for a link in an email to go to a different location than the one shown. In the following example, the link doesn’t go to www.bt.com – it goes to www.bbc.co.uk instead: www.bt.com (when you hover over this link, the www.bbc.co.uk URL will show in the bottom left of your browser). It’s often easy to tell where links will go to on websites, but it can be more difficult with links in emails.
Here’s another example with the suspicious links highlighted in blue. If you want to see where a link in an email will send you, just hover over the link with your mouse. You will then see the link destination appear in a small box:
And another example of a phishing email in a simpler format:
If you receive an email that you’re not sure is genuine, don’t click on suspicious links, but please forward it to email@example.com
Although we don’t reply to emails from firstname.lastname@example.org, we do contact the hosts to have the website removed.