British Gas customers are being warned not to fall for phishing emails that claim they are owed a refund.
The email is branded with the official British Gas logo and claims the user’s account will stop working within 24 hours unless they click on a “get your refund” link.
To make the email appear even more realistic, the crooks have included information on how the user can ‘keep their account safe’.
If customers are lulled into a false sense of security and click on the link, they will be directed to a website that asks them to fill in their personal details to receive their refund. As is the case with so many of these scams, the site is nothing more than a phishing website set up specifically to harvest personal and financial details.
Phishing websites are created to dupe unsuspecting users into thinking they are on a legitimate site and will often contain the same branding, logos, and language that appear on the real site.
This tried and tested method is frequently used as it can be hard to distinguish a fake website from the real deal. There will always be a proportion of people who are duped into handing over their details, and over 100 people have already reported the latest scam to Action Fraud.
Image: Fake British Gas Phishing Email (Source: Action Fraud)
British Gas advised customers on how they can distinguish between a real email from the company and a well-crafted fake: “We may email you for lots of reasons, like letting you know when your new bill is ready, confirming a payment or telling you about offers we think you might like. But you can tell it’s really us because:
- Our emails will always address you by name.
- If the email is about your account, it will have your account number.
- We won’t ask you for any personal details.
- Our emails will only give you links back to the britishgas.co.uk website, but it’s best not to click on any links if you’re in doubt.”
How to Protect Yourself from Phishing Scams
To protect yourself from falling victim to a phishing scam, you should follow the guidelines below:
- Never click on links or download attachments from unknown sources.
- Always verify the security of a website.
- Pay close attention to the spelling of an email or web address; if there are any inconsistencies, delete the email immediately.
- Ignore and delete emails with poor grammar and formatting.
- Install the latest anti-virus software solutions on all your devices.
- Use strong passwords to reduce the chance of devices being hacked and use different passwords for different accounts.
- Question the validity of any email that asks you to submit personal or financial information.
Identifying a phishing email has become a lot harder than it used to be as criminals have become more advanced and deceptive in their attack methods. MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats. Contact us for further information on how we can help protect your business.