Online security

 

If you get a suspicious email

It's not always easy to spot phishing emails. Scammers use email or text messages to trick you into giving them your personal information or clicking on a link which could download viruses onto your computer. It's one of the most common methods of cyber crime, but despite how much we think we know about scam emails, many of us still fall victim.

If you're in doubt over any email claiming to be from us, don't click any links. Please attach it to a new email and send it to phishing@britishgas.co.uk. Then delete it straight away.

Not a business? Go to our British Gas residential website for help.

How can I tell if my email is from British Gas business?

We email you for lots of reasons, like letting you know when your next bill is ready, confirming a payment or telling you about new offers we think you might like.

You can tell it's really us because:

  • If we know your name, we'll always start our emails with 'Hello' and your first name. If not, we'll simply use 'Hello'
  • Here's a list of the internal email addresses we use:
    @ukb.britishgas.co.uk, @britishgas.co.uk, @mail.britishgas.co.uk, @emailbritishgas.co.uk, @britishgaslite.co.uk, @centrica.co.uk, @centrica.com
  • For confirming appointments and research projects, we also send emails from 3rd party addresses that end in:
    @contactengine.email, @britishgas.flexmr.email, @kpmg-nunwood.co.uk
  • If we email you about your account, we'll include your British Gas business customer account number in the email
  • We'll rarely ask you to update or confirm your personal details. But we may ask for some information when you subscribe to any newsletters or regular communications with us
  • We'll never ask you to reply directly to our email. But if you do, you'll get an auto-response with helpful solutions on our website
  • Aside from our welcome email which will include your contract or agreement, we don't add attachments to our emails
  • We'll only link back to the britishgas.co.uk/business website, but if you're in any doubt it's best not to click any links.

How to spot scam emails and websites

Never trust emails and websites that:

  • Begin with 'Dear customer' or 'Hello' and then your email address instead of your name.
  • Have a poor design, spelling errors and bad grammar – for example, incorrect email addresses with @birtishgas.co.uk instead of @britishgas.co.uk, or cemtrica.co.uk instead of centrica.co.uk
  • Come from public domains like Yahoo, Gmail or Hotmail. Anyone can change their sender name to 'British Gas', so always check their actual email address to be sure
  • Have suspicious looking attachments
  • Use odd looking web or email addresses. Our website is britishgas.co.uk/business/, not someaddress.com/britishgas.co.uk/business/


Always check website links

The most important thing to be wary of is website links. Most of the links in our emails will take you to the British Gas business website (www.britishgas.co.uk/business) – but there are a few rare exceptions.

Whenever you hover over a link, you might see a redirect link from your e-mail provider, which starts with something like this:

https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbritishgas-ukb-prod.quadientcloud.eu%2Fapi%2Fquery%2FMessenger%2FTrackerQuery...

Email providers that add these redirect links will recognise phishing emails and warn you if they think one is suspicious. If it's a genuine email from British Gas business, you'll see our domain name within this link (britishgas-ukb-prod). Some providers don't use redirect links, in which case you should see britishgas.co.uk when you hover over a link.
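The hover check above and the sender list earlier on this page, written out as code. This is an added example, not British Gas code: it compares the hostname a link really leads to (after unwrapping an Outlook Safe Links redirect) with the destinations this page names, and checks a sender address against the listed domains. The function names and the choice to accept subdomains of britishgas.co.uk are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Sender domains listed on this page (British Gas business and 3rd parties).
SENDER_DOMAINS = {
    "ukb.britishgas.co.uk", "britishgas.co.uk", "mail.britishgas.co.uk",
    "emailbritishgas.co.uk", "britishgaslite.co.uk", "centrica.co.uk",
    "centrica.com", "contactengine.email", "britishgas.flexmr.email",
    "kpmg-nunwood.co.uk",
}
# Link destinations named on this page. Accepting subdomains of
# britishgas.co.uk (such as www) is an assumption of this example.
LINK_DOMAIN = "britishgas.co.uk"
TRACKER_HOST = "britishgas-ukb-prod.quadientcloud.eu"
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"


def _split(url):
    """Parse a URL, tolerating addresses written without a scheme."""
    return urlsplit(url if "://" in url else "https://" + url)


def link_host(url):
    """Return the hostname a link really leads to, unwrapping Safe Links."""
    parts = _split(url.strip())
    host = (parts.hostname or "").lower()
    if host.endswith(SAFELINKS_SUFFIX):
        # The real destination is percent-encoded in the 'url' parameter.
        target = parse_qs(parts.query).get("url", [""])[0]
        host = (_split(target).hostname or "").lower()
    return host


def is_expected_link(url):
    """True only if the destination hostname is one this page names.
    Text that merely appears in the path of the link does not count."""
    host = link_host(url)
    return (host == LINK_DOMAIN or host.endswith("." + LINK_DOMAIN)
            or host == TRACKER_HOST)


def is_listed_sender(address):
    """True if the part after the last '@' is a listed sender domain.
    A listed domain is a necessary check, not proof the email is genuine."""
    domain = address.rpartition("@")[2].strip(" <>").lower()
    return domain in SENDER_DOMAINS
```

Because the comparison is made on the hostname only, someaddress.com/britishgas.co.uk/business/ is rejected even though it contains the genuine address as text.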

If you're in any doubt, don't click on any links. And if you get an email asking for payment, open a new web browser and access your account directly from the britishgas.co.uk/business website. There you'll see any genuine outstanding payments or transactions you need to make.

Remember: If you're in doubt over any email claiming to be from us, don't click any links. Please attach it to a new email and send it to phishing@britishgas.co.uk. Then delete it straight away.

Protect yourself from malware

Sometimes criminals use scam emails or text messages to distribute malicious software or 'malware'.

Their goal is often to convince you to click a link. Once clicked, you may be sent to a dodgy website which could download viruses onto your computer, or steal your passwords and personal information.

These attachments or links will attempt to download malicious software onto your computer that could allow criminals to capture what you type, or compromise your personal files.

How to keep yourself protected:

  • Never click on links or attachments that you're not expecting.
  • Disable the use of 'macros' in Microsoft Office documents
  • Always make sure your software is up-to-date
  • Always run an up-to-date virus checker

Secure your passwords

  • Use different passwords to access different websites, user accounts and email accounts. Otherwise, if someone gets hold of your password for one website, they could use it to access your other accounts
  • Use strong, complex passwords, such as a passphrase or three random words, including a combination of upper and lower case letters, numbers and special characters
  • Never use passwords like your family name, pet name, actual name, family birthdays or numerical sequences
  • Never share your password with anyone. If you think someone knows your password, change it immediately
  • If available, use at least two forms of authentication to log in to websites and email accounts - known as two factor authentication (2FA) or multi factor authentication (MFA). This can be, for example, via an SMS message, authentication application, or hardware token.
  • Use a password manager/password safe to store passwords instead of writing them down

What to do if you've already responded to a suspicious message

If you've already responded to a suspicious message, take the following steps:

  • If you've been tricked into providing your banking details, contact your bank immediately and let them know.
  • If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), refer to this guidance on recovering a hacked account.
  • If you received the message on a work laptop or phone, contact your IT department and let them know
  • If you opened a link on your computer, or followed instructions to install software, open your antivirus (AV) software if you have it, and run a full scan
  • If you've given out your password, you should change it on any of your accounts which use the same password
  • If you've lost money, tell your bank and report it as a crime to Action Fraud (for England, Wales and Northern Ireland) or Police Scotland (for Scotland). By doing this, you'll be helping the battle against criminal activity, and in the process prevent others becoming victims of cyber crime

Find out more about how to protect yourself online

For more help on how to protect yourself online visit:

Get safe online – free expert advice

National Cyber Security Centre (NCSC) – Top tips for staying secure online
