Ask Our Expert

Email from BT asking for account details - is it a scam?

Our Broadband Expert says...

Hi Lynda,

Thanks for your question. We’ve had a lot of similar enquiries lately, and you’re right to be wary.

The email you received is indeed a scam - BT (www.BT.com) is very clear that it will never ever ask you to email back your account information. What you’ve encountered is a textbook example of phishing.

What is phishing?

Phishing is a trick that criminals (called phishers) use to get hold of money and sensitive information, such as usernames, passwords and bank details. The phishers send a message, apparently from a reliable source, hoping to get back some personal information.

Sometimes it’s a painfully obvious scheme. Many of us have received borderline unintelligible emails informing us that we have a long-lost relative who’s left us a big stash of cash, which we can only have if we send them our bank details so they can transfer the money. Other times, the messages can look fairly convincing - they might contain authentic-looking company logos, or mimic the style of an organisation’s corporate email.

There are many techniques phishers use to get hold of your details. Sometimes, as you encountered Lynda, they simply ask you to send back the information, hoping you’ll believe that the message is legitimate. Other times, however, they’ll try more nefarious methods.

One common trick is to tell you to click on a link. These usually take you to a website that’s mocked up to look like an official site. From here, the phishers will try to get you to enter sensitive information through this fake site.

Another tactic phishers use is sending an email that contains an attachment. Opening the attached file will deposit a virus or spyware, which will ferret around your computer looking for personal information, or even log your keystrokes to record passwords as you type them in.

How can I spot a phishing attempt?

The quality of phishing emails is variable, sometimes looking very professional, and other times laughably amateurish. Still, it always pays to be vigilant, and here are a few tips and tricks to help you see if someone’s gone phishing:

Check the address - Always check the name and email address of the person who sent you the email. If the message clearly isn’t from an official company email address, you can be sure it’s a phishing attempt. Don’t rely purely on this check though - phishers often create spoofed accounts that mimic the real ones.

Check for your name - Unless it’s a specific attack, phishers typically send out mails via large mailing lists. If the message isn’t addressed to you personally, and instead says something along the lines of “Dear BT Customer”, it’s likely to be spam or phishing.

This is a good check when the message claims to be from a major company. Most corporations target their communications, which means that people tend to get personalised emails with their name on.

Is it asking for account details? - Very few companies will ask you to send over bank account numbers, credit card information, usernames or passwords via email. If the message is asking for these, it’s more than likely a scam.

Never send banking or account information via email because someone requested it. Even if you genuinely think the message is legitimate, phone the company to check first.

Check spelling, punctuation and grammar - Many phishers operate from overseas, and they don’t always have a firm grasp of the English language. If the message is packed with typos and grammatical errors, it’s probably a phishing exercise.

Are there any attachments? - Few legitimate companies will send you attachments without prior warning. If you get an unsolicited email with a file attached, then the chances are we have a phisher on our hands.

Always remember the golden rule - NEVER open an attachment if you are not 100% sure you know who sent it. After all, you don’t want to risk letting malware onto your computer. At best that will be an annoyance. At worst, it could steal valuable data or cause irreparable damage to your system.

Check links carefully - If the email contains links, don’t click them. Check where they lead first. Hover the mouse over the link and see what address appears - on webmail through browsers the link usually appears in the bottom left of the screen, and in programs like Microsoft Outlook it usually appears in a box.

If the link doesn’t appear, right click and copy the link’s location. Paste it into a word processor or notepad to check it out to see if it leads where the text claims.

Make sure you check links thoroughly - phishers sometimes spoof website addresses. It may look like the address you want, but one or two details might be different: for example, instead of www.bt.co.uk/contact, you might see www.bt.co.uk/conlact. Spot the difference and always stay alert.

What should I do if I get a phishing email?

The best thing to do is report it. In your case, Lydia, we spoke to BT and they recommend you follow their standard guidelines and forward phishing messages to abuse@bt.com.

Each broadband provider has its own process in place for dealing with phishing. The best thing to do is check their website for specific instructions.

Webmail services, such as Hotmail and Gmail, also let you report messages as phishing. In Hotmail, click the box next to the message and the tab at the top of the screen that says “Mark as”. Select “phishing” from the menu and you’re done. In Gmail, you can report phishing messages by using the pull down menu next to the date on an email.

I hope that helps, Lynda - remember, if nothing else you can always just delete the message.

Ask us a question

If you have a general Internet, broadband switching or Internet service provider query please get in touch with us here

Compare broadband deals

Save up to £363* when you include TV and calls with your broadband

CLOSE [X]

*Enter your postcode to find the best broadband deals in your area. We value your privacy, please see our privacy policy.

Why we need your postcode