/ Money

Scam warning: British Gas phishing email

5
Profile photo of George Martin George Martin Conversation Editor
Comments 5

A phishing email purporting to be from British Gas is fraudulently promising customers a ‘refund’ of more than £400. Have you come across it?

British Gas is making its customers aware of a fake email telling its customers that they’ve ‘overpaid’.

As with similar phishing attemps we’ve been made aware of, such as this DVLA email, fraudsters are after your personal data and/or bank details.

Here’s what the fake email looks like:

The passing off of well-known and respected brands is nothing new. This year we’ve seen Bitcoin scammers impersonating Martin Lewis and the Mirror by email, while a member got in contact with our magazine to alert us of similar phishing attempts disguised as emails from the Royal Mail.

How to deal with phishing emails

We asked British Gas to comment on the email for Which? Conversation. Here’s what it told us:

“We take the issue of phishing very seriously and we take action where we identify any attempts to trick our customers.

We’ve recently become aware of an email which appears to come from ‘bills@britishgas.co.uk’ and we’ve warned customers that this is not a genuine email.

If any of our customers are concerned about a suspect phishing email they can send it as an attachment to phishing@centrica.com so we can look into it further”

We’d encourage anyone who’s seen the scam to send a screenshot to the email British Gas has provided. You can also make Action Fraud aware.

Which? News: 12 banks haven’t yet signed up to new scams protection code

If you think you’ve given a fraudster your bank details, contact your bank immediately. You should also change any passwords that may have been compromised as soon as possible.

You can view all our advice for spotting and reporting scams on our dedicated Consumer Rights site.

Are you a British Gas customer? If so, have you received this scam email?

Let us know in the comments if it’s turned up in your inbox, and help us warn as many people as possible.

Comments
5
duncan lucas says:
25 September 2019

I am not a BG customer but there is a website for checking emails and is easy to use –
https://isitphishing.org/
Actually – bills—@—-british—gas.com by itself got a green tick for okay,
the full entry must be provided.
You can enter the brand name or subnet in format –xxxx-xxx etc .
Its actually for website owners/business use and the widget can be added to the server for testing URL,s but I realise Which ? already has a tester .
The second URL is not meant to link anywhere its just an example.

0
Vote up  |  Vote down   Reply    Report
Share   
wavechange says:
26 September 2019

If you have an online account it will be easy to check that the information is false.

It’s about time that companies dealing with money were banned from including links in emails. It might be a convenience to have them but the are responsible for far too many scams. If it is necessary to contact a customer then simply ask them to log-in.

4
Vote up  |  Vote down   Reply    Report
Share   
Robert Moore says:
5 November 2019

i have today recieved this gas over payment email and i am not even with british gas

0
Vote up  |  Vote down   Reply    Report
Share   
Darren says:
6 November 2019

I received it and the worrying thing was the figure they quoted was very close to my balance ….. very very nearly fell for it until I checked the e mail address ….. scumbags

0
Vote up  |  Vote down   Reply    Report
Share   
Steve C says:
16 December 2019

checking to source email address is mostly pointless – it is trivial (and in some cases necessary/useful) to use a different email address as the source.

Also be aware of checking the link you’re asked to click on. The use of ‘1’ (one) instead of ‘l’ (lower case L) can be hard to see in many default setups’ fonts, and even a legitimate looking one (such is www dot genuine address dot com) can be followed by characters which hide the full address (such as www dot genuineaddress dot com dot actuallyatnastydomain dot com)

Generally be aware of unsolicited requests for information and helpful people contacting you to give you something or save you from some sudden jeopardy (e.g. ‘we have detected fraud on your account – we just need the 3 digits from the back of your card to confirm it is you so we can discuss the matter…’)

0
Vote up  |  Vote down   Reply    Report
Share   
 

Related discussions