January 21, 2019

Good day, welcome to another bulletin from Breaking Scams…

Scam, just in…


Snow is falling outside as I write this latest scam post. Before I went to switch the heating up a notch, I checked my emails only to discover that British Gas have sent an email letting me know they owe me £467.92!

But wait, I don’t use British Gas?

Yes, yet again, the scammers have hit my inbox with what seems like the refund jackpot. The email received is shown below. It has a highly visible link in the email. I am encouraged to click this link to begin the process to claim the refund.

British gas phishing email

The warning signs in the email are, yet again, typical of a scam email, but the scammers use psychological tricks to make you think it might just be real:

  1. The email uses a well-known British brand – using the logo of the brand to add effect and make it look authentic
  2. The email offers a reward (refund in this case) to encourage you to click the link – several hundred GBP is very tempting


However, several things stood out that gave this email away as a phishing scam:

  1. The email address of the sender was not from a British Gas domain. Instead, it was from info at chopsoy dot net – DO NOT GO TO THE DOMAIN OF THIS EMAIL ADDRESS
  2. The link in the email goes to a site that is not British Gas*. British Gas domains always start with britishgas.co.uk/. Be careful, phishing emails will often use very similar domain names to try and trick you, e.g. briti3hgas.co.uk.
  3. The email had no salutation, real British Gas emails would always address you by using your name
  4. There was no reference number to identify the account that supposedly was owed so much money.

*NOTE – how to display the link URL in an email depends on which email client you open it in. However, in webmail clients, usually, if you hover over the link, the URL will appear in the bottom right of the screen.

What happens when you click the link?

On clicking the link, I was taken to a blank webpage. Often, a phishing scam link will take you directly to a site that collects personal data, such as name, address, date of birth, and/or login credentials such as a password. In this case, the page was blank which could mean that it had already been taken down or may have hidden something more sinister, such as malware or ransomware.


phishing website


However, you should never click on a link in an email if it looks suspicious to you. If you are curious, always go directly to the website of the named brand itself by typing the URL into a web browser directly.


Why do I get so many scam emails?

You may be wondering why I get so many of these scam messages? The fact is, there have been many major cyber-attacks on consumer databases over recent years; Equifax, Uber, and British Airways being recent examples. The scam messages that we report here target email accounts that have been breached during one or more of these attacks.

You can find out if your email address has been breached in a cyber-attack using security guru Troy Hunt’s Have I Been Pwned data breach checker site. Don’t worry too much if it has, you just need to be vigilant about phishing.


Why not help your colleagues in infosec stay safe and share this post – or, alternatively, feel free to copy and paste the below for sharing:

British Gas Scam Emails

A scam email which pretends to be from British Gas is doing the rounds. This email is a spoof and is not from British Gas. In its current form, it states that you are owed a sum of money by British Gas which you can claim by clicking on a link in the email.


This is a phishing email and clicking the link will end with your personal data or login credentials being stolen.

Other forms of phishing emails contain malware-infected attachments, which if opened will infect your machine with malware. This malware will then steal data and login credentials as well as cause other problems with your computer.

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keeping breaking scams!

Share this: