cancel
Showing results for 
Search instead for 
Did you mean: 

RE: "btconnect.com" phishing email: "Your new BT bill is ready".

abm
Member

We have a “btconnect.com” email address. We have been receiving a phishing email weekly for the last few weeks now.

 

It says: “Your new BT bill is ready”. It looks very genuine - except the listed products and services are not ours.

 

Our Internet security software flags it as a phishing/spam message and puts it in the junk folder correctly. We use Outlook as our email client (with POP) and Bit Defender Internet Security as our AV.

 

What is concerning us is the sender’s email address in this phishing message is our actual “btconnect.com” email address. So, it looks like we are sending the message to ourselves.

 

However, the message is not in our “Sent Items” folder or any other folder. We have double-checked in webmail - and again we can’t see the sent message in any folders and no mail rules are set up to delete it or hide it.

 

As a precaution, we did change our email password two weeks ago, but we continue to receive this one phishing email. Is it possible someone has spoofed our “btconnect.com” email address? Any advice and guidance from a support admin would be welcome. Thanks in advance.

3 REPLIES 3

BethM
Administrator
Administrator

Hi abm

 

Often phishing emails will hide their true email addresse when sending out phishing scams in order to appear more genuine. What we ask when you receive an email like this is to forward it onto phishing@bt.com who will investigate into it further.

 

Beth


^BethM

abm
Member

Hi Beth

 

Thank you for your reply. We have already forwarded it to phishing@bt.com over two weeks ago - but no one has got back to us with any response or advice. We understand your point about the displayed address - but the "true" address showing is definitely our actual btconnect.com address as far as we can tell. Hence why we are concerned.

 

Thanks.

kelper
Guru

Spammers and phishers can easily fake the sender's address in emails.  They use yours to try and fool your anti-malware.  It does not mean you have been hacked.