A few days ago I received an email from British Gas. It was titled “Your latest reward from British Gas: A chance to win a prize from Hotel Chocolat”. All I needed to do as a valued customer was to enter the prize draw. Let’s face it, who doesn’t want a free box of chocolates?
The email was from “firstname.lastname@example.org” so I clicked the “Enter the draw” button.
This took me to a form that wanted my name and address.
I started filling it in and then stopped. How did I know this was genuine? What if it was a scam and someone was about to farm my personal details?
I thought about it for a few minutes and realised there were only two flimsy bits of information that indicated it might be genuine:
- The sender was “email@example.com”
- I am one of their customers
but on the other hand:
- Email addresses can be forged so “firstname.lastname@example.org” could have been anyone
- Me being a customer could be coincidence if this was randomly sent to thousands of people
- They already have my name and address so why would they need to ask me again?
- The form was hosted on “view.ed4.net” which is a site I’ve never heard of. Certainly not BritishGas.co.uk.
The “ed4.net” domain redirects to “zetaglobal.com” which proudly lists some big-brand clients on its homepage. British Gas isn’t one of them but as I’ve never heard of “zetaglobal” either that means nothing.
So this is indistinguishable from a scam as I’ve no way of verifying it.
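The checks from the list above can be automated for mail triage. The following is an added example, not part of the original post: it compares every link host in a message against the sender's domain and looks for a DMARC pass. The sample message, the sender address and the URL paths are constructed; only the two domains come from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message: sender address and URL paths are invented;
# only the domains britishgas.co.uk and view.ed4.net come from the post.
SAMPLE = """\
From: British Gas <rewards@britishgas.co.uk>
To: customer@example.org
Subject: Your latest reward from British Gas
Authentication-Results: mx.example.org; dmarc=none header.from=britishgas.co.uk
Content-Type: text/html

<a href="https://view.ed4.net/prize-draw">Enter the draw</a>
<a href="https://www.britishgas.co.uk/privacy">Privacy</a>
"""

def under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def triage(raw):
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # The From header can be forged; only a DMARC pass recorded by the
    # receiving mail server ties the message to the domain's owner.
    auth = msg.get("Authentication-Results", "")
    dmarc_pass = re.search(r"\bdmarc=pass\b", auth, re.I) is not None
    # Collect the host of every http(s) link in the HTML body.
    urls = re.findall(r'href="(https?://[^"]+)"', msg.get_payload(), re.I)
    hosts = {urlsplit(u).hostname or "" for u in urls}
    # Flag hosts that are neither the sender's domain nor a subdomain of it.
    off_domain = sorted(h for h in hosts if not under(h, sender_domain))
    return {"sender_domain": sender_domain, "dmarc_pass": dmarc_pass,
            "off_domain_links": off_domain}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The `Authentication-Results` header is only meaningful when it was written by your own receiving server; a copy supplied by the sender proves nothing.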
The correct thing for British Gas to do is to either tell me to log into my online account and check my messages or direct me to a form on their own website. I would then have some faith I was entering my details into a legit system.
Big companies need to get a lot smarter with cyber-security, phishing and online security because at the moment they are not helping. Even if this email is genuine it is encouraging bad practice amongst their customers.
As it stands I will pass on the chance of winning a box of chocolates safe in the knowledge scammers are going to have to work a bit harder to steal my personal details.