I have made several successful phishing reports recently and thought that all was well, but today am back to the same problem. I reported the issue as a complaint to BT a while ago and was told to address mail to portal-request@bt.com. and they concluded that the complaint had been resolved. Unfortunately the portal has rejected it "because of malicious content" (the whole reason for reporting it in the first place!). will there ever be a solution?

Further point, since all these spoofs come from identified hacked BT email accounts, what, if anything do BT do about warning the customer and resolving it? My own experience on the two occasions that I have been caught out is zilch.

Correction. It appears that the mail to portal hs been accepted.

---

@Scotsailwrote:

 

Further point, since all these spoofs come from identified hacked BT email accounts, what, if anything do BT do about warning the customer and resolving it? My own experience on the two occasions that I have been caught out is zilch.

---

They are not hacked BT email accounts. How do you mean "identified hacked"? Spoofing is simply that the email address has been used and is pretending to be a BTinternet account. The emails have not come from them.

I wrote from personal experience. I misguidedly clicked on a message purporting to be from BT offering my bill in a more acceptable form. As a result my account was hacked and messages, apparently from me at my address, were sent to my whole address book. Replies, of which I was unaware, were redirected to the spoofer and several friends were conned out of money, thinking I had asked them for help.

If a phishing mail is sent from a genuine BT address, it is reasonable to conclude that the address has been hacked. There must be a way for BT to look into the situation and advise the account holder of the situation by some other means of communication.

You can check at

https://haveibeenpwned.com/

If your address is hacked.

Thank you for the information, I hope I am now more aware and will avoid future mistakes.

---

@Scotsail wrote:

 

If a phishing mail is sent from a genuine BT address, it is reasonable to conclude that the address has been hacked. There must be a way for BT to look into the situation and advise the account holder of the situation by some other means of communication.

---

Whilst it was unfortunate that your account was compromised it is not always the case that an email purporting to be from a genuine email address has come from a hacked account. 

Most emails that purport to be from a genuine email account are "spoofed" email addresses. The reason that scammers do this is because like you, most people let their guard down if they see an email from what they believe to be a known/trusted source.

Recipients of emails can check the actual email address that the email was sent from rather than just the address that it purports to be from. They can do this by "hovering" over the email address. The genuine email address will be then be shown.

If they are using BTMail in a web browser they can highlight the email and then go to "More" in the menu bar then "view source". This will show header of the email and its genuine email address along with its journey path to their email account.

As regards BT advising the account holder that their email account has been hacked. If BT become aware of a hacked account or there being suspicious activity, such as numerous incorrect log on attempts, they will lock the account and advise the account holder. That is assuming the account holder has supplied an alternative email account within their profile in their MyBT. If they have not done that the account will be locked until the account holder changes the password.

However, if an email account has been hacked where the hacker has obtained the account details through a phishing scam, BT are obviously unaware that the account has been compromised because the hacker is using the genuine log on and password as supplied by the unfortunate victim of the phishing scam.

In this instance, when the victim discovers what has taken place all that they can do is advise all their contacts that the email address has been compromised and that any email emanating from it should be treated as spam and deleted immediately. The victim should then stop using the email email account.

The victims contacts will no doubt still receive emails purporting to be from the compromised account but they will be spoofed emails. The reason that they will still get them is because the scammer will have harvested the victims contacts list and when it has been stolen it can not be un-stolen and can now be used/sold on by the scammer as often as they like. 

Because the email account has been "spoofed", the scammer can use any return email address that they want and by doing this the original victim is unaware that their email account has been compromised because all replies to the spoofed email do not reach their email account because the email did not come from them.

The best advice is to treat all emails as suspect, never click on any links within the email without hovering over the link to see where it will take you and even then don't. Use the genuine web site rather than the link if you need to check or confirm something in the email.

Thank you gg30340, much of what you are telling me I have already learned from experience. What I have yet to learn is how the "from" address can be faked without the sender having access to the genuine  source account. I have presumed that that is a requirement. If I am right then the rest of my logic follows. If not, it is something more for me to learn.

The email address is spoofed very easily without an account being compromised.

All the scammer needs is an email address. The scammers will just copy known email addresses such as BT's or your banks or any other company email address or they can set up email addresses of likely email addresses such as initial.name@bt.com It maters not to them whether it is genuine or not but most likely is a genuine email address.

They also harvest email addresses that are posted on forums and other public accessed web sites. (That is why you are not allowed to post personal email addresses on this forum). Think of how many places you have posted your email address.

They also get lists of email address from unscrupulous people who have access to the email addresses in genuine companies data base.

See link about spoofing.

 Email spoofing - Wikipedia

There is much more information in the Internet if you do a search for spoofed email addresses.

They only need to hack a genuine email account in order to harvest the contacts list if they intend to target the people in the list in the manner that they did with your contacts.