A few days ago I received an email from British Gas. It was titled “Your latest reward from British Gas: A chance to win a prize from Hotel Chocolat”. All I needed to do as a valued customer was to enter the prize draw. Let’s face it, who doesn’t want a free box of chocoloates?
The email was from “customerservice@britishgas.co.uk” so I clicked the “Enter the draw” button.
This took me to a form that wanted my name and address.
I started filling it in and then stopped. How did I know this was genuine? What if it was a scam and someone was about to farm my personal details?
I thought about it for a few minutes and released there were only two flimsy bits of information that indicated it might be genuine :
- The sender was “customerservice@britishgas.co.uk”
- I am one of their customers
but on the other hand :
- Email addresses can be forged so “customerservice@britishgas.co.uk” could have been anyone
- Me being a customer could be coincidence if this was randomly sent to thousands of people
- They already have my name and address so why would they need to ask me again?
- The form was hosted on “view.ed4.net” which is a site I’ve never heard of. Certainly not BritishGas.co.uk.
The “ed4.net” domain redirects to “zetaglobal.com” which proudly lists some big-brand clients on its homepage. British Gas isn’t one of them but as I’ve never heard of “zetaglobal” either that means nothing.
So this is indistinguishable from a scam as I’ve no way of verifying it.
The correct thing for British Gas to do is to either tell me log into my online account and check my messages or direct me to a form on their own website. I would then have some faith I was entering my details into a legit system.
Big companies need to get a lot smarter with cyber-security, phishing and online security because at the moment they are not helping. Even if this email is genuine it is encouraging bad practice amongst their customers.
As it stands I will pass on the chance of winning a box of chocolates safe in the knowledge scammers are going to have to work a bit harder to steal my personal details.
4 Comments
Well I know 100% this was not a scam as I won 1 if the 10 hotel chocolat prizes and I am very happy with my prize and would like to thank british gas. If you are a customer and have an active account you will have subscribed to emails from them so you can rest assured any emails from British gas customer services is legit
The point is that you cannot tell that the email was from British Gas customer services. I *never* sign up for marketing emails but they sent me the email anyway. Scammers are now free to copy this style of email and customers won’t be surprised to end up on a non-British Gas site, I never doubted it was genuine but the way it is organised is poor practice and makes the fight against cyber-crime harder.
I stupidly went and filled the form out and received a box of Hotel Chocolate with a thank you card. I’m worried now after reading your message.wish I could send you a pic.
Don’t worry a guy in my office has already shown me a picture of his box of chocolates!