Fraudsters are spamming out fake British Gas utility bill emails that link to a virus that takes over victims computers.
Action Fraud has received hundreds of reports of these emails cleverly designed to look like a seamlessly harmless utility bill.
The emails entitled “Your summer gas & electricity bill” contain links that take people to a website where they are told to download a file in order to view their bill.
After downloading the file, the virus locks you out of your computer and then directs you to an online payment page.
Variations of the emails
We have also seen some variations with the subject line “New gas & electricity bill” which include victim’s full name within the email.
British Gas say that their emails will always be personalised and often quote your British Gas account number (where the email relates specifically to your account) and will only provide links back to the britishgas.co.uk website.
Having up-to-date virus protection is essential; however it will not always prevent you from becoming infected.
- Make sure that your internet browser and any plug-ins (e.g. Flash, Java, Silverlight) are up-to-date
- Don’t click on links or open attachments from unknown email addresses. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of any such link or attachment.
- Please visit the British Gas website directly and log in from there to check utility bills. Do not use the purported link provided in suspicious emails.
- Avoid logging into your email account from a public computer (e.g. at a hotel or internet cafe) as it could be infected with spyware.
- Additionally don’t connect to unsecured public Wi-Fi, use mobile data services such as 4G to access your accounts instead.
- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It’s important that the device you back up to isn’t left connected to your computer as any malware infection could spread to that too.
- Don’t pay extortion demands as this only feeds into criminals’ hands, and there’s no guarantee that access to your files will be restored if you do pay.
If you have downloaded the virus, do not pay any money and get in contact with Action Fraud to report and get advice on what to do next.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use their online fraud reporting tool.
For more information about our work, please visit www.safeinwarwickshire.com/cybercrime
Be Cyber Streetwise is a cross-government campaign, funded by the National Cyber Security Programme. They aim to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).
Get Safe Online is the UK’s leading source of factual and easy-to-understand information on online safety. Their website offers advice on how you can protect yourself, your computers and devices, and your business against the likes of fraud, identity theft, viruses and other potential online problems.