“Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.”

Earlier this week I received an email from BT telling me that a recent monthly payment was declined and advising that I should log in to my account and update my billing information.

On first look the email looks pretty convincing, as did the fake website that the email links to, where it wants you to enter your login details and update your payment information.

But when you start looking at the email thoroughly you can see simple mistakes that make it stand out as a fake!

  • The email FROM: name is British Telecom, a name that was replaced in 1991 with the shorter BT.
  • There is no mention of the BT account number, just a random number beginning with a hash (#).
  • They addressed me as info, the beginning of my email address and obviously not my name.
  • When you look at the email address that sent the email, it was office at sumortuary dot com, which is actually a mortuary in Southern Utah, so the mortuary is also a victim.
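Two of the checks in the list above (a brand display name on an unrelated sender domain, and a greeting that is just the first part of the recipient's address) can be automated. The Python below is an added example, not part of the original post; the brand-to-domain table, the function name `check_message` and the sample message with its `.example` addresses and reference number are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display names mapped to the domains that brand really sends from.
BRAND_DOMAINS = {"bt": {"bt.com"}, "british telecom": {"bt.com"}}

# Constructed sample modelled on the email described above (placeholder addresses).
SAMPLE = """\
From: British Telecom <office@mortuary.example>
To: info@recipient.example
Subject: Your payment was declined

Dear info,
Your recent monthly payment was declined. Ref #48213
Please log in and update your billing information.
"""

def check_message(raw):
    """Return a list of warning labels for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg["From"])
    _, recipient = parseaddr(msg["To"])
    sender_domain = sender.rpartition("@")[2].lower()
    local_part = recipient.partition("@")[0].lower()
    body = msg.get_payload()  # single-part plain-text message assumed
    findings = []

    # Check 1: display name claims a known brand, but the address is elsewhere.
    allowed = BRAND_DOMAINS.get(display.strip().lower())
    if allowed and not any(
        sender_domain == d or sender_domain.endswith("." + d) for d in allowed
    ):
        findings.append("brand-domain-mismatch")

    # Check 2: greeting uses the recipient's mailbox name instead of a real name.
    greeting = re.search(r"^(?:dear|hi|hello)\s+([^,\s]+)", body, re.I | re.M)
    if greeting and greeting.group(1).lower() == local_part:
        findings.append("greeting-uses-local-part")
    return findings

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

These checks only catch the careless mistakes listed above; a From: header showing the real domain can still be forged, so a clean result does not prove the email is genuine.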

If I hadn’t taken care to look closely at the email, and just blindly followed what it asked me to do, the scammers who sent the email would have easily collected my email address, BT username and password and my bank account details.

There are lots of different phishing scams around at the moment which on the surface look like they are from legitimate companies such as PayPal, Apple, BT, HMRC and various UK Banks.

If you are unsure of any emails you receive either contact the company, via a different method, to see if it’s legit or speak to someone who knows more about online security.

I have since reported this email to BT at their dedicated phishing email account, phishing@bt.com.
