In March 2023, BT customers were warned that scammers were using a new email campaign to fraudulently target their customers for money. In this blog, NEBRC will go into detail about exactly what happened and how to protect yourself in case of any future scandals. If your knowledge needs refreshing on how to spot a phishing email, then you are in the right place.
So, what was the BT Email Fraud Scandal? The BT Email Fraud scandal involved scammers sending fake emails to BT customers to trick them into releasing their bank details. The emails used much of the information that BT typically includes within customer emails, except it provides a link to a fake website for users to set up a new direct debit.
Keep reading to find out more about what the BT email scandal involved as well as what to do if you think you have been targeted by one of these emails.
What Did the BT Email Fraud Scandal Involve?
In March 2023, BT customers received information that scammers had been targeting customers through phishing emails. The purpose of these emails was to target customers and trick them into providing their bank details. The scam utilised genuine BT links, privacy policies, contact information and even links to BT’s online scam advice. All of which made the emails very convincing.
The scam email also used recognisable BT branding and read as follows “We wanted to let you know that your Direct Debit with us is no longer active. This means you don’t currently have an automatic payment method set up to deal with your bills.” Following on from this, BT customers were then discreetly directed to a fake website where they were guided to set up a new direct debit designed to harvest personal and financial details.
After many successes, patterns began to emerge within the emails which made it easier for BT customers to recognise if it was a legitimate email or not. Which? reported that the fraudulent emails originally came from [[email protected]] which is an instant red flag.
They also reported that the email requests for any outstanding bills be paid to a Vodafone account – one of BT’s main rivals – insisting: “Next bill due soon? Please pay another way. Just to note, if your next bill is due before the new Direct Debit is set up, you’ll need to pay using the My Vodafone app or by calling 56677 free from your Vodafone mobile.” Once again, this is another key feature to look out for in BT emails in the future.
What to Do if You Think You Have Been Scammed by a BT Email
Now that you are aware of the typical features of the BT email scam, you are probably wondering what steps to take if you have been affected. Take a read below to find the advice you need to move forward.
BT is urging its customers to be extra vigilant and always be suspicious on any emails that link or request personal banking details. Any unusual activity can be reported to: [email protected], or to BT direct at [email protected]. Some of the key features BT have shared for you to look out for include:
- Unnecessary urgent tone within the email
- Spelling or grammar mistakes
- Requests for personal details, passwords or bank details
They also recommend that if you do think your bank details have been given to the scammers, to contact your bank immediately for support.
How to Protect Yourself From Email Fraud
As previously mentioned, the typical defence for protecting yourself from email fraud tends to rely on you noticing key features within emails. This is true, but there are other steps that can be taken, especially if you are a business or organisation, in order to avoid email fraud in the future.
The NCSC recommends a multi-layered approach to protecting yourself from email fraud. The key steps involve:
- Make it Difficult for Scammers to Reach Users
Some of the main ways to prevent scammers from reaching you or your users include implementing anti-spoofing controls so that it is harder for them to access your email addresses. Another thing to consider is how easily accessible your email address or contact details are on social media or websites. A further step is to block spam emails in your email settings.
At NEBRC we can help you implement anti-spoofing controls. Get in touch with us today to receive guidance on how to do so.
- Educate Yourself/ Users on How to Identify Fraudulent Emails
Research and training can help you and/or your employees to learn the main red flags when it comes to scam emails. Reviewing internal processes that could be mimicked also helps you to become more aware of how easy it could be to miss this type of email.
- Protect Your Business From the Impact of Undetected Phishing Emails
Setting up two factor authentication can also be a great way of protecting yourself when undetected phishing emails slip through the protections in place. Ensuring you have an up-to-date browser can also help you and your users avoid malicious websites where scammers could gain access to your info.
- Respond Quickly to Incidents
The final layer of protection involves defining and practising the ideal way to respond to a phishing email incident with your employers or just for yourself. This can include legal steps that need to be taken and identifying the relevant helplines to call.
We recently wrote an informative blog on email fraud that details examples of email fraud and whether you can be targeted from just opening a scammer’s email. For more information, click here and take a read through.
Email Phishing Support with NEBRC
The North East Business Resilience Centre has a wealth of knowledge and experience relating to email scams. We can support you and your business in protecting yourselves from malicious scammers as well as providing you with guidance if you have already been targeted. Our Cyber Security Awareness Training service is ideal for helping you to become more aware of how to protect yourselves from cybercrime and phishing emails.
Don’t hesitate to get in touch with us today for advice on how to avoid or deal with email scams. Remember the NCSC have a great free service whereby you can forward, or take a screenshot of suspicious emails to send to them at [email protected], they can use this information to get a better understanding of who is sending these emails and better better protect us all from harm