We've recently seen an increase in reports of phishing attempts. Find out how we can help you spot a fake email and keep your details safe here >
Phishing is a type of online identity theft. Scammers use messages designed to look as if they are from a genuine company to try and trick you into giving out private information like your BT ID username and password or even your bank details.
Think before you click
- BT will never ask you for private/personal details or banking information out of the blue
- BT will never send you an email with an attachment
For further help with phishing emails and what to do if you've clicked on a link, follow our guides below.
You can also find out how to avoid different types of scam at bt.com/scams. This site is written in partnership with Action Fraud, the UK's national reporting centre for fraud and internet crime:
You should be suspicious of any email which asks you to verify your account, or provide personal information such as bank details or login details.
Check the email against the points below. If you're still worried, treat it as a phishing email and follow our next step: "I think I've received a phishing email. What do I do?".
If you still aren't sure, here are some more tips for spotting phishing emails:
- Did the email come out of the blue? If you're not expecting a parcel, haven't placed an order, or you've already paid your bill, be suspicious. Don't be tempted to reply. If something seems too good to be true, it probably is
- If the email asks you to confirm details by following a link, hover your cursor (but don't click) over the link to see where it should take you. These links can be forged or seem very similar to the proper address. Even a single character's difference means a different website
- Is the email trying to create a sense of urgency or panic? A common tactic of fraudsters
- We will never ask for your personal details in an email. Always access your online services through bookmarks or typed web addresses (URLs). Don't use links provided in the email
- We'll never send you any emails with attachments
- Is the email grammatically correct and is the formatting of images correct?
Phishing emails can be hard to spot. They're designed to look like real emails from real organisations. If you're unsure about any email purporting to be from BT, delete it and log on to your account by typing the web address (www.bt.com/mybt) into your browser.
It depends on what action you took when opening the email. Follow the guide here:
I haven't replied or clicked on any links
- If you've only opened up the email, don't worry, you're unlikely to have been compromised
Forward the email to firstname.lastname@example.org, then delete it
I've followed a link in the email and or downloaded an attachment, but I didn't fill anything in
- If you clicked on a link or downloaded an attachment you should run a virus check on your computer to be safe > (opens a new window)
- Forward the email to email@example.com, then delete it
I've submitted some of my personal details
- If you clicked on a link or opened an attachment, you should run a virus check on your computer to be safe > (opens a new window)
- If you entered your BT ID details then your account may have been compromised. You will need to secure your account by following our advice on compromised accounts:
- If you entered your BT email address your email may have become compromised and you will need to follow our guide for compromised email accounts to resecure your account.
- If you use the same email and password combinations for other services you should change these passwords too. Remember, it's recommended that you don't use the same password for multiple accounts
- If you've entered banking information, such as your account details or credit card information, you'll need to notify your bank
- Forward the email to firstname.lastname@example.org, then delete it
Please note that we actively look out for phishers and fake BT phishing emails and strive to shut them down as quickly as possible. Forwarding BT-branded phishing emails to email@example.com will be of great help to us. Remember, do not click any links or download any attachments.
Our chargeable BT Tech Experts service can also help with Phishing scams. Find out more about BT Tech Experts > (opens a new window)
You're not alone. In 2012-2013, 37.3 million users around the world were sent phishing emails.
All email users are vulnerable to receiving phishing scam emails. Criminals have many ways of obtaining email addresses to send phishing scams to:
- Using automated software to generate addresses
- Enticing people to enter their details on fraudulent websites
- Hacking into legitimate websites to gather details of users
- Buying email lists from other spammers
- Inviting people to click through to fraudulent websites posing as spam email cancellation services
The phishers send out millions of messages to email addresses. If you've received a phishing email trying to trick you into giving out personal information, so have millions of others.
Simply receiving a phishing scam doesn't automatically mean you are at risk. However, clicking on links can put you at risk.
- We recommend you activate BT Web Protect - our new security product that'll help protect you from viruses, scams and phishing attacks by warning you if you're about to visit a potentially harmful website. Once BT Web Protect is turned on, all devices using your home BT Broadband connection will be protected when you're on the internet. It'll also work when you're out and about in the UK and you use your BT ID to log in to BT Wi-fi. It's free for all BT Broadband customers. Find out more about BT Web Protect >
- We recommend you install our anti-virus BT Virus Protect. BT Virus Protect has a featured called SiteAdvisor which warns you with an on-screen message before you interact with a potentially harmful website by checking for threats such as spyware, online scams, and spam. Find out more about BT Virus Protect >
- Make sure your email spam filter is always switched on to minimise the risks. Your BT mail email spam filters are always on by default. If you use a different mail provider, find out from them if they have a spam filter and how to turn it on
- You should always have the latest up-to-date version of your web browser - current versions have built in security protection
- Don't reply to a spam mail, this just confirms to spammers that your email address exists
When you send an email to firstname.lastname@example.org we act quickly to get reported phishing websites taken down by contacting and working with website owners, domain registrars and industry security teams around the world.
We are also proactively on the lookout for phishing sites which we monitor and take down quickly.
Our success rate is high with only a tiny minority remaining active for more than seven days.
Last year, with our proactive approach and your help in reporting these emails, we closed down more than 10,000 rogue websites.