Solved: Re: Email Hijacking

enfield250 · ‎16-10-2025

Hello!

i just thought I should mentioned something that happened a couple of days ago.

I received a text message saying "Hello BT here, you have turned off two stage authentication".

You account is no longer secure, you need to re-secure your account."

I tried to sign on to BT Mail and found my password was not accepted, I then tried to login to My BT and it sent me to a security page. With a Red Banner saying my account had been suspended due to suspicious activity.

It gave me a choice of getting a passcode to reset my two-stage authentication:

The first choice was an email address which wasn't mine, the second choice was an email address which looked like it could be mine and the third was a moblie number which was mine except for one digit that was wrong.

It then said use a security question to get the pass code, well that had also been changed.

In the meantime every address in my address book received an email telling them that I wasn't well and could they purchase an Amazon gift voucher for me, and let me know if they got the message"

I contacted BT in Warrington, the chap was very helpful and after an hour everything was back as it should be.

Then yesterday I couldn't get into my email again it said the password that I had set up the day before was incorrect.

Another phone call to BT in Warrington and again my options to re-secure my account was incorrect. This time it only took half an hour to fix.

It's quite concerning that this hijacker or hacker could actually get into to BT and turn off two-stage authentication, i have had it before where they have got in and set-up auto forward, but not turned off two-stage authentication, it's very worrying.

gg30340 · ‎16-10-2025

If your email account was hacked, which it would appear it was, the hacker will have full access to your BT account, especially if you use the same username and password as your email account etc.

BT would obviously not know it was you who turned off 2FA and as such they send you an automated message just in case your account has been hacked and it would appear that their systems worked in this respect.

The hacker will also have access to your contacts and any other accounts that you use your email account to access and receive emails from.

If you have not done so I would suggest that you contact any banks, sales accounts ect and advise them you have been hacked and change the passwords to those accounts and if possible your email address that you use to access those accounts and receive emails to.

I would also advise that you alert all your contacts that any email coming from your email account should be treated with utmost suspicion. I would then stop using that email account and set up a new email account and advise your contacts that you have done that and tell them that in future anything coming from that email address should be treated as spam and deleted.

Christopher_G · ‎16-10-2025

Hi @enfield250

I'm sorry to hear that you've had this issue with your email account. I understand how concerned you must be. I can see that @gg30340 has given you some great advice around changing passwords with your bank and other important services, as well as notifying your contacts so that they don't fall victim to something similar.

If you continue to use your email account, and have any concerns that this is happening again, I recommend speaking with our Email Technical Support team again. There is a separate process that they will follow if you feel you're being targeted directly again.

Please keep us updated with what happens.

Chris

enfield250 · ‎17-10-2025

Thanks, very much for the advice, I shall certainly set up a fresh email account. It's not the first time, I have been hacked, so perhaps my email address is too obvious. Cheers, Colin

gg30340 · ‎17-10-2025

It might be that your password is too obvious. Use one that has letters upper and lower case, numbers and special symbols and is at least 12 characters long.

enfield250 · ‎17-10-2025

Hello!
My password contained everything you suggested and was 12 characters long. I'm in the process of setting up a new email account if I can remember how to. Cheers,Colin