Any phishing attempt wants to get as much personal and financial information from you as possible. This BT Account- Payment Declined pretending to come from BT.com <[email protected]>phishing scam is one of them. The phishers try to use well known companies or Government departments like British Telecom, HMRC, Inland Revenue, Virgin Media, British Gas or any company that many people are likely to have an account with.

This one wants your personal details and your credit card and bank details. Many of them are also designed to specifically steal your email, facebook and other social network log in details.

Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.

The original email looks like this,

You have 1 new Message Alert! Your BT Account has generated an Important update alert. This measure has been adopted because we been unable to process your payment for your recent Bill. You must verify your information to avoid disconnection of service. Upon verification,your account will automatically update,click on the link below to complete this process.

Log in to My BT Account follow the instructions on your screen. *Important* Please update your records on or before 24hours,a failure to update your records will result in a temporary disconection of service.

BT Account Payment Declined

The link in the email leads you to a webpage looking like:

BT billing fake details

That leads on to a page to enter all your details, including bank account, credit card, mother’s maiden name and everything else necessary to steal your identity and clean out your bank and credit card accounts

BT billing fake details

Then you get a success page, where they kindly inform you that “The Anti Fraud System has been succesfully added to your account” and then are bounced to the real BT site

BT billing fake details successAll of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details.

Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.