Action Fraud - the UK’s national reporting centre for fraud and cybercrime - has received reports of the scam, which aims to gather personal details and ultimately steal cash from customers’ bank accounts.
The e-mails entitled ‘New BT bill’ contain a link that automatically downloads a malicious file called ‘BT bill.zip’ once clicked.
What makes this scam e-mail unusual and more dangerous is that the Dridex malware starts downloading without a webpage being opened.
Once installed, the Dridex malware is designed to steal personal information such as usernames and passwords by eavesdropping, with the goal of getting into bank accounts and stealing cash.
BT have warned customers who receive one of these e-mails not to click on any links. Instead, they should go to the BT website directly and log in from there to view bills. BT also point out that they would never send out an e-mail with an attachment.
They add: “Remember that fraudsters can ‘spoof’ an e-mail address to make it look like one used by someone you trust. If you are unsure, check the e-mail header to identify the true source of any such attachment or link.”
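The header check BT describes can be scripted. The following is an added example, not part of the original article or BT's advice: it compares the visible From address with the Return-Path, the receiving server's Authentication-Results and the top-most Received header. The sample message, the `example.*` hosts, the IP address and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a captured message); example.* hosts are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
\tby mx.example.org with ESMTP; Mon, 01 Jan 2024 09:00:00 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=bt.com
From: "BT" <billing@bt.com>
To: customer@example.org
Subject: New BT bill

Your new bill is ready to view.
"""

def domain(value):
    """Lower-cased domain of an address header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def same_org(host, base):
    """True if host is base or a subdomain of it (simple suffix check)."""
    return bool(base) and (host == base or host.endswith("." + base))

def header_findings(raw):
    """List the ways the headers contradict the visible From address."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # Return-Path is the envelope sender recorded at delivery, not the display name.
    rp_dom = domain(msg["Return-Path"])
    if rp_dom and not same_org(rp_dom, from_dom):
        findings.append(f"Return-Path domain {rp_dom} != From domain {from_dom}")
    # Authentication-Results is only meaningful when added by your own mail server.
    auth = " ".join(" ".join(msg.get_all("Authentication-Results", [])).split())
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{check}={result}")
    # The top-most Received header names the host that handed over the message.
    received = msg.get_all("Received", [])
    m = re.search(r"from\s+(\S+)", received[0]) if received else None
    if m and not same_org(m.group(1).lower(), from_dom):
        findings.append(f"delivered by {m.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in header_findings(SAMPLE):
        print("SUSPICIOUS:", finding)
```

A Return-Path mismatch on its own is a signal rather than proof, since legitimate senders often use a third-party mailing service; a failed or missing SPF, DKIM or DMARC result alongside it is the stronger indicator.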