Over the last year, there have been many reports of consumers receiving suspicious-looking emails which claim to be from British Gas.
They state that you owe an additional amount of money on your energy bill and ask you to click on a link to pay soon or incur further charges. In reality, this is a phishing email with fraudsters trying to get you to hand over your bank details.
Unfortunately, this isn’t a new phenomenon. Cyber criminals have used this type of fake email to try and defraud consumers for years now. While at first glance a phishing email might look almost identical to a legitimate one, there are several signs you can look for which will tell you whether or not it’s actually from your energy supplier.
What is phishing?
Phishing refers to when cyber criminals attempt to trick you into handing over sensitive information, whether that’s personal like your date of birth or financial like your bank details.
When it’s via email, they will either try to persuade you to click on a link which then takes you through to a dodgy website or open an attachment which contains malware. This could be anything from a virus that’ll attack your computer to spyware which will allow them to see your passwords.
How to recognise fraudulent emails from your energy supplier
If you receive an email from your energy supplier which just seems a little off, there are a number of simple questions you should ask yourself to help determine if it’s a scam.
What does the sender’s email address look like?
A fake email will normally have the right display or sender name but the email address following it will look very odd. It may be spelt wrong, have lots of random numbers and letters in it or a domain name (the part after the @ symbol) that’s got nothing to do with your energy supplier.
Is it asking you to click on a link?
Depending on the context of the situation, emails which include a link to another webpage aren’t always fraudulent. There’s nothing to worry about if, for example, you’ve just switched to a new energy supplier and get an email which asks you to click on a link to confirm your account.
However, if you receive an email out of the blue that claims you need to pay extra for this month’s bill and wants you to click through and enter in your bank details, you should definitely be suspicious.
Hovering over the link with your cursor will display its URL in the bottom left-hand corner of the screen so you can see where it’s trying to direct you. If it’s nothing to do with your energy supplier and is instead a long string of unrelated words, letters and numbers, be sure to avoid clicking on it.
Does the email contain any bad grammar or spelling mistakes?
Many fake emails are full of poor spelling and grammatical errors, something which you’d never see in an official email from your energy supplier.
The presentation of a fraudulent email may also not look right. There could be different styles and sizes of fonts used throughout and your energy supplier’s logo might look different to normal.
Example of a fake email from British Gas. Notice the strange-looking email address and how it's trying to persuade you to click that link!
Is the email addressing you by name?
A real email from your supplier will address you by some variation of your name, like Mr Smith or John Smith, but a fraudulent one will use something far more generic sounding like:
- “Dear valued customer”
- “Dear account holder”
- Or even simply “Hi”
Does the email contain your account number?
When emailing you about something to do with your account, some suppliers will also include your account number. Its absence may not be a major red flag when taken by itself, but it could definitely be cause for concern if some of these other indicators are also present.
Does the email ask you to disclose sensitive information?
If an email purporting to be from your energy supplier asks you to hand over sensitive information, it is almost certainly fraudulent.
Your energy supplier will never ask you to disclose personal information over email. This includes:
- PIN number
- Long card number
- Your home address
- National insurance number
- Your bank account password
Scammers will create some kind of fake story designed to convince you to hand over your personal information. For example, they might say that they’ve detected some strange activity on your account and you’ll need to login to sort it out or that you’re due a refund and need to enter in your bank details for it to be processed.
Is the email trying to rush you into doing something?
Cyber criminals will use urgent messaging, like “take care of the remaining balance on your bill or risk receiving an expensive fine”, which is intended to cause alarm and make you act without thinking too much about what you’re doing.
Take a minute to examine any email that’s demanding you take action, especially if it’s related to payments. Better to be safe than sorry!
Another example of a fake email from British Gas. It's trying to scare you into clicking that link by explaining how you could face serious penalties if you don't!
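The checks above (sender domain, link destination, generic greeting, urgent wording) can also be run automatically, for instance in a mail filter. The following is an added example, not code from the original article; the supplier domain energy-supplier.example, the phrase lists and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder for the supplier's real domain (not from the article).
SUPPLIER_DOMAIN = "energy-supplier.example"
GENERIC_GREETINGS = ("dear valued customer", "dear account holder")
URGENT_PHRASES = ("further charges", "expensive fine", "within 24 hours")

# Constructed sample message, for illustration only.
SAMPLE = """\
From: "British Gas" <billing-8841x@pay-portal-kx9.example>
Content-Type: text/html; charset="utf-8"

<p>Dear valued customer,</p>
<p>You owe an additional amount. Pay within 24 hours or incur further charges.</p>
<p><a href="http://pay-portal-kx9.example/login?id=7f3a">Pay now</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect each link's real destination (what hovering would reveal)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_supplier_domain(host):
    """True only for the supplier domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == SUPPLIER_DOMAIN or host.endswith("." + SUPPLIER_DOMAIN)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    text, findings = body.lower(), []
    _, addr = parseaddr(msg.get("From", ""))  # the address, not the display name
    if not on_supplier_domain(addr.rpartition("@")[2]):
        findings.append("sender-domain-mismatch")
    links = LinkCollector()
    links.feed(body)
    if any(not on_supplier_domain(urlsplit(h).hostname) for h in links.hrefs):
        findings.append("link-domain-mismatch")
    for label, phrases in (("generic-greeting", GENERIC_GREETINGS), ("urgent-language", URGENT_PHRASES)):
        if any(p in text for p in phrases):
            findings.append(label)
    return findings
```

Calling phishing_indicators(SAMPLE) returns all four indicators; a message sent from the supplier's own domain, linking only to that domain and addressing the customer by name, returns an empty list.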
Finally, if you’re still not sure, get in contact with your energy supplier!
If you’ve gone through all of the above questions and still aren’t sure about the validity of the email, don’t be afraid to get in touch with your energy supplier. Don’t worry about feeling like a nuisance, they’d rather you take the time to check than fall victim to a scam!
Your supplier will often be aware that a scam is circulating, so it’s also a good idea to check the help section of their website and their social media pages. They will likely have published instructions on how to deal with a fake email.
What should I do if I receive a fraudulent email?
If you think you’ve received a scam email, it’s really important that you don’t reply, click on any links or open any attachments that are included within it.
The best course of action is to forward the email to your energy supplier, or to Action Fraud if your supplier doesn’t have an email address specifically for reporting suspicious email activity. Action Fraud is an organisation here in the UK that’s specifically dedicated to investigating and fighting cyber crime.
What else can I do to protect myself online?
Fraudulent emails are sadly just one of the many security threats you have to watch out for whilst browsing the internet. Don’t worry though, there are plenty of quick, easy steps you can take to keep yourself safe online!
Use strong, unique passwords
When signing up for a new service, be sure not to choose a password that could be easily associated with you. Avoid using the names and birthdays of family members, for example, or an extremely generic one like password123.
A tip for creating a strong password is to modify an existing phrase using a combination of letters, numbers and symbols. For example, “I drive a car” could become “1 dr1v3 @ c4r”.
Install some antivirus software on your device
Antivirus software adds an extra layer of protection to your device by working to block any incoming threats it detects and alerting you if the webpage you’ve clicked on is suspicious.
There are many free options which will give you a good standard level of protection, and certain computers, like Windows PCs and Apple Macs, come with some pre-installed.
Make sure your security features are up to date
There’s no point having antivirus software on your device if it doesn’t work properly!
You should regularly check whether it needs to be updated to ensure you’re fully protected against any new security threats.
Back up any personal files stored on your device
Certain types of malware have the ability to damage or even permanently delete files from an infected device, so you should be sure to back up anything that’s important to you like family photos or documents related to your work.