Online security for UK businesses

Cybercrime awareness and protection advice for British Gas business customers.

Not a business? Go to our British Gas residential website for help.

In this article

What is cybercrime?

Cybercrime refers to any criminal activity that involves computers, the internet, or networked devices. Cyberattacks can occur in any environment where digital data, opportunity, and motive exist and can manifest as scam emails, fraudulent websites, or deceptive text messages.1

In today's hyper-connected world, we can manage everything from banking to business operations right from our mobile devices. While this digital convenience is helpful, it also introduces new security risks. As more of our daily activities shift online, cybercrime is becoming an increasingly serious threat for both businesses and individuals alike.

According to a recent survey from GOV.UK, it’s estimated that 20% of businesses and 14% of charities have experienced at least one cybercrime incident in the past year.2 From phishing attacks to stolen login credentials, cyber threats are becoming more sophisticated, making effective cybersecurity more important than ever.

Received a suspicious email?

It's not always easy to spot phishing emails. Scammers use email or text messages to trick you into giving them your personal information or click on a link which could download viruses onto your computer. It's one of the most common methods of cyber crime, but despite how much we think we know about scam emails, many of us still fall victim.

If you're in doubt over any email claiming to be from us, don't click any links. Please attach it to a new email and send it to phishing@britishgas.co.uk. Then delete it straight away.

What should you do when spotting suspicious emails

One of the most important steps you can take to protect yourself from cybercrime is learning how to recognise genuine emails from scams. We understand this can be challenging, especially when fraudulent messages appear convincing, that’s why we’ve made it easy for you to spot the signs. Before you click, open, or respond to any message claiming to be from us, here are a few simple checks to help you stay safe and confident online.

  • We greet you by name, not ‘Dear Customer.’
  • Our emails only come from trusted addresses such as @britishgas.co.uk, @ukb.britishgas.co.uk, @centrica.co.uk, and others.
  • We always include your British Gas business customer account number when discussing your account.
  • Links will only take you to britishgas.co.uk/business.
  • We will never ask for personal information or passwords in an email.
  • We won’t ask you to reply directly to the email or update any personal details.
  • We rarely send attachments – only in your welcome email.

Top tip Hover over any link before clicking. If it doesn’t lead to britishgas.co.uk/business, don’t trust it.

Dear Customer,

We have noticed unusual activity on your British Gas Business account. To avoid suspension, please confirm your payment details immediately.

Click the secure link below to verify your account:
https://birtishgas-support.com/login

Failure to act within 24 hours may result in service interruption.

Kind regards,
British Gas Support Team
customer-service@birtishgas.co.uk

What’s wrong with this email?

  • Anonymous greeting
  • Genuine emails from British Gas Business will use your first name (if we have it).
  • Suspicious sender address
  • Sent from a public domain: britishgas.customerhelp@gmail.com.
  • Fake or misspelled links. The link goes to: birtishgas-support.com.
  • Urgent, threatening language. Tries to scare you into acting fast,“Failure to act within 24 hours…” Real emails won’t pressure you like this as we won’t threaten account suspension by email
  • Poor grammar and spelling errors
  • Phrases like “Click the secure link” and fake email addresses like @birtishgas.co.uk. Official messages are professionally written and proofread.
  • Unusual request to confirm payment details and enter personal or payment info. We’ll never ask for sensitive information or passwords via email.

If you spot any of these:

How to spot scam emails and websites

Never trust emails and websites that:
  • Begin with 'Dear customer' or 'Hello' and then your email address instead of your name.
  • Have a poor design, spelling errors and bad grammar – for example, incorrect email addresses with @birtishgas.co.uk instead of @britishgas.co.uk, or cemtrica.co.uk instead of centrica.co.uk
  • Come from public domains like Yahoo, Gmail or Hotmail. Anyone can change their sender name to 'British Gas', so always check their actual email address to be sure
  • Have suspicious looking attachments
  • Use odd looking web or email addresses. Our website is britishgas.co.uk/business/, not someaddress.com/britishgas.co.uk/business/
Always check website links

The most important thing to be wary of is website links. Most of the links in our emails will take you to the British Gas business website (www.britishgas.co.uk/business) – but there are a few rare exceptions.

Whenever you hover over a link, you might see a redirect link from your e-mail provider, which starts with something like this:

https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbritishgas-ukb-prod.quadientcloud.eu%2Fapi%2Fquery%
2FMessenger%2FTrackerQuery...

They will recognise phishing emails and warn you if they think it's suspicious. And if it's a genuine email from British Gas business, you'll see our domain name within this link (britishgas-ukb-prod). But some providers don't use redirect links. So instead, you should see britishgas.co.uk when you hover over a link.

If you're in any doubt, don't click on any links. And if you get an email asking for payment, open a new web browser and access your account directly from the britishgas.co.uk/business website. There you'll see any genuine outstanding payments or transactions you need to make.

Remember: If you're in doubt over any email claiming to be from us, don't click any links. Please attach it to a new email and send it to phishing@britishgas.co.uk. Then delete it straight away.

Protect yourself from malware

Sometimes criminals use scam emails or text messages to distribute malicious software or 'malware'.

Their goal is often to convince you to click a link. Once clicked, you may be sent to a dodgy website which could download viruses onto your computer, or steal your passwords and personal information.

These attachments or links will attempt to download malicious software onto your computer that could allow criminals to capture what you type, or compromise your personal files.

How to keep yourself protected
  • Never click on links or attachments that you're not expecting.
  • Disable the use of 'macros' in Microsoft Office documents
  • Always make sure your software is up-to-date
  • Always run an up-to-date virus checker

What to do if you've already responded to a suspicious message

If you've already responded to a suspicious message, take the following steps:

  • If you've been tricked into providing your banking details, contact your bank immediately and let them know.
  • If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), refer to this guidance on recovering a hacked account.
  • If you received the message on a work laptop or phone, contact your IT department and let them know
  • If you opened a link on your computer, or followed instructions to install software, open your antivirus (AV) software if you have it, and run a full scan 
  • If you've given out your password, you should change them on any of your accounts which use the same password
  • If you've lost money, tell your bank and report it as a crime to Action Fraud (for England, Wales and Northern Ireland) or Police Scotland (for Scotland). By doing this, you'll be helping the battle against criminal activity, and in the process prevent others becoming victims of cyber crime

S.A.F.E.R Password checker

Let’s be honest, remembering strong, unique passwords for every account isn’t easy. Although it’s tempting to reuse the same password, in today’s cyber climate, that shortcut can expose you to serious security risks.

That’s why we use this simple strategy to stay protected: the S.A.F.E.R method. This useful acronym provides five quick rules for creating and managing passwords that keep you safe without complicating your digital life.

S – Strong and structured

Use strong, complex passwords that include a mix of upper/lowercase letters, numbers, and special characters. For example, ‘GreenLion#12Snow!’

A – Avoid the obvious

Never use easily guessed information such as your name, pet, birthdays, or 123456. Hackers often start with these, as they are among the most common passwords. No: ‘Rachel2021’ or ‘Password123’

F – Forget sharing

Never share your password with anyone and if you think it’s been compromised, change it immediately.

E – Enable 2FA/MFA

Always turn on Two-Factor (2FA) or Multi-Factor Authentication (MFA) when available. This could be via SMS codes, authenticator apps, or hardware tokens.

R – Rely on tools

Use a trusted password manager instead of writing them down, it keeps your credentials securely encrypted and easy to access when needed

Remember, staying informed is your strongest defence against cybercrime. If you’re ever unsure about an email or message claiming to be from British Gas, please don’t hesitate to contact our support team to report any suspicious activity.

By working together, we can create a safer online environment for your business and protect you against evolving threats.

Find out more about how to protect your business energy data online

For more help on how to protect your business online visit these useful links.
Back to My online account

Additional information

  1. Cyber security breaches survey 2025 - GOV.UK

  2. What is Cybercrime and How Can You Prevent It?