Perhaps a bit of positive feedback for BT for a change and an opportunity to share. But BT pretty quickly picked up and notified me of someone trying to use my e-mail account yesterday; and temporarily shut down my account before I re-activated it. Also told me clearly how to reset the account and to set up two factor authentication when I use the account from other than my home device. I'm guessing I was the victim of a GDPR breach somewhere; perhaps historically but who knows. The person tried to buy a gift card on Amazon and a gift card on Marks and Spencer using my e-mail address but to no avail. Have renewed all my cards just in case. Quite scary and I just hope they have been deterred.
Solved! Go to Solution.
Are you sure you were dealing with BT and not a scammer ?
How did BT contact you? Was it a cold call or did you contact them?
How did BT know that your email address was being used to purchase anything let alone on M&S and Amazon?
Yes BT contacted me by text and e-mail and I verified it all. I think they saw the activity coming from an unknown/unrecognised computer; not a purchase as such. They suspended my account until I reactivated it and it was all pukka. They didn't mention Amazon or M&S. Amazon contacted me direct to say they had detected misuse and blocked transaction; again I verified. And I knew about M&S because I received an e-mail saying I'd bought a Gift Card when I hadn't. Again I contacted M&S by phone directly. Strangely, the hacker had tried to use my e-mail address to make the M&S purchase but with someone else's name and credit card number so no charge showed up on my credit card. But I cancelled them anyway.
When an email account is locked due to suspicious activity we normally send notifications to let the customer know why its happened and these instructions are included to help the customer secure the email account.
@graeme57 I presume this is how you found out the email was compromised?
If you search your email address on https://haveibeenpwned.com/ it will show you if it has been released in any historic data breaches.
I rather suspect it wasn't a hacker, simply somebody mistyping an email address similar to yours if the alert was genuinely from BT.
It does seem a bit suspicious that BT contacted you though.
Edit: Typing whilst @NeilO posted.
Thanks for the clarity regarding contact etc.
Yes that's correct Neil. Said someone tried to access without my permission. I've checked the pwned site and in my case it could have come from the relatively recent Linkedin data breach, but who knows. And yes the notification was definitely from BT, so thank you. Amazon were quick too. Definitely a hacker of some sort. Hopefully I have now had my turn!
Just as an added layer of detail. Amazon could show me the time; the type of device used (not mine) and the approx location at which the attempt was made.
M&S could identify the name of the person who had seemingly placed the order on their site (a female) although strangely the Gift Card she wanted was still sent to me, but said it was from me to her.