Why on earth are BT still including a clickable link link in emails that tell you that you have a new bill? I appreciate that personal details are added to a genuine email, but anything that encourages users to click on a link in an email in this day and age should be discouraged.
I have just had to reset all of my 88 year old father's passwords as he had received 3 emails, all purporting to come from BT, only one of which was genuine. He was having difficulty getting on to his bill - it kept defaulting to a payment page, which looked highly suspect, so I suspect his credentials *had* been phished. I have changed all the passwords using a different (clean) PC, shown him how to access the billing page by going to MyBT from his browser manually and told him *never* to click on a link in an email, however genuine it appears.
Other organisations (e.g. HMRC) no longer include clickable links when they send emails to notify you of a need to log in to your account. They just tell you to go to your account and log in. Please change your practices, BT...!!