BT Overcharge Refund Scam

I’ve received a few of what looks to be a scam mail over the last 2 weeks.
When I forward them to phishing@bt it gets returned as rejected.

To report to BT phishing I sent screen shots as a work-a-round

The attached screen shots shows the e-mail I initially receive & the rejection e-mail.
The initial mail (the one received today) was from " Email Service <dgranny1354@live(.)com> "
& addressed to
To: email@btclick(.)com <email@btclick(.)com> email@btclick(.)com <email@btclick(.)com>

Hope this is helpful

1 Like

You should report the email by forwarding it to

This is the phishing report address for the National Cyber Security Centre. It’s all explained here:




It was purporting to be a BT mail, so as requested by BT, I initially attempted to forward to BT.
However it contains a forwarding prevention tag, hence why I sent it to BT Phishing G with screen shots.
I should add that this is the 3rd such email I’ve had in as many weeks.
However I will also send it to your link, thanks.

If you are using a Mac, then the best/safe way to forward dodgy emails is to view then copy the raw source, then email it separately. to the phishing departments. E.g.

On other platforms, I think you are looking for View Source

1 Like

If I’m suspicious I download the full header(s) only, then check the delivery path to the originating servers and do a ‘WhoIs’ check. Reliable larger companies own their own servers, smaller ones use an ISP; no reliable companies use anonymous redirectors!

If a scam e-mail comes via an ISP, the ISP are often very interested to know about it and pull the account. I’ve had e-mails back from ISP admins thanking me for the info and confirming the account termination (in one case multiple accounts from that person, not just the one I flagged to them)!


Ok fine, but the NCSC phishing report email address is set up so people who aren’t IT savvy don’t have to do any of that.

You just forward the email to them, without opening it even. You get an email back from the NCSC acknowledging it. They have all the international contacts in place to both get the originating server taken down and to alert UK ISPs to black list it if necessary.

Much of the checking by the NCSC is automated, so doing what you suggest would frustrate that, so would likely to be ineffective.

1 Like

I wouldn’t be fooled by that…
It’s well known that BT delight in overcharging which is apart of their get rich quick business plan and would never in their greedy minds be honest enough to offer a refund! :face_with_raised_eyebrow:


You’re missing the point a bit Debs,
I have no doubt it’s a scam mail, you need to get up very early & have something a little more professional to make me think more than once, plus it helps that I know how BT accounts work.
The reason I started this thread was to alert other forumites to be aware & also that the scammer has included a tag that prevents it being forwarded which is something I’ve not seen before.

I believe it should still be possible to send it as an attachment.

With many mail clients, to preserve the full header information (necessary to track the scammer) you need to set the mail client to “View” “Full Headers” or “View” “Headers” “All” or something similar.

Just for everyone’s info, I just received another of these scam mails, exactly the same screen layout, different sender address, same source path.
And as before its got a prevent forwarding tag

I think the real issue here is that you are in reciept of fraudulent emails, processed by BT

Demonstrating they can’t prevent the most simplistic scams, which is poor.

A couple of very quick things you can do when you get a dodgy looking email, but aren’t 100% sure you should ignore / delete:

1. Hover over, but don’t click on, the main link in the message, in this case the link labelled “View Your Refund status.” This should cause the address of that link to appear, either as a tooltip (a small floating text box) or in the status bar at the bottom of your browser (it’s a little harder if you’re doing this on a phone, as you need to press-and-hold). If it’s a legitimate message, the address will be on the domain of the purported sender.

Example (legit):

Example (not legit):

2. Click Reply, but don’t complete or send the message. Look at the To address in the reply

Example (legit):

Example (not legit):

The reason for doing this is that emails can optionally contain a Reply-To address in the header, which can be different from the From address. The From address is always visible, but starting a response is the quickest way to see if a Reply-To address has been set.

These two tests take about ten seconds, and should give you peace of mind before you click Delete.

… and any/all dodgy ‘BT’ scam mails should be forwarded to phishing(@)bt(.)com
They are very effective in tracing the source path & blocking.

I find the easy way to tell if it’s genuine BT-email is if they cite your account number with ****'s (etc,) within the quick-view profile.

The dodgy ones don’t - they just refer to e-mail address IME (if even that).

And if you have a BT e-mail address, there is a high % chance it could have been compromised several years back when (IIRC) the Yahoo system the used was hacked.

I rec’d a ransomware phone call many years back purporting to be from BT (it was from India) and, strangely, they couldn’t tell me my BT account number and data !!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.