We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies. You can understand more and change your cookies preferences here.


When you click on a retailer link on our site, we may earn affiliate commission to help fund our not-for-profit mission.Find out more.

Eon email scam exposed: how a scammer tried to steal £1,000

Watch our exclusive video to see how this scam escalated

Scammers are impersonating Eon, promising an £85 refund in an attempt to steal your details and money.

As the UK's energy crisis deepens and households are set to see a record 54% increase to the price cap this April, it's no surprise scammers are impersonating energy providers to try and catch you out.

While you should never engage with scam emails, we played along with one doing the rounds to show you how it evolves and the typical patterns to watch out for.

Sign up to free Which? Scam Alerts and outsmart the scammers.

Eon phishing email

Email scams, also known as phishing scams, are used by scammers to steal your personal information and bank details, or in some cases, the emails have malicious software attached which can infect your computer, tablet or mobile with a virus.

This email impersonates Eon, claiming you've been overcharged and you're eligible for an £85 refund.

The sender's name is 'E.ON GAS REFUND' - another example of this scam uses 'E.ON PAYMENT REFUND' - but it has nothing to do with the energy provider.

The email address it's actually from is random and not Eon's.

As the video shows, the email included a link that takes you to a mockup of the Eon website's login page. It then asks for a lot of personal details and ends by loading the real Eon website - a common scam tactic and just one of many this scam journey reveals.

Find out how to spot an email scam

From phishing email to scam call

scam phone call

Less than one hour later, the scammer attempted a transaction.

The following day, the scammer called.

A minute before the call, the scammer sent a text claiming a £2,000 loan had been set up in my name. The text impersonated a genuine company called Cashflows and spoofed their customer support number.

During the phone call, the scammer claimed to be from Cashflows, looking into fraud on behalf of my bank.

The scammer even gave fraud advice, pretending to try and help me work out how my details had been compromised - reeling off potential culprits, including variations of scams we've recently exposed such as how a Royal Mail scammer tried to steal £4,000, and fake PCR tests emails and texts.

All the while, the scammer was in fact trying to steal around £1,000 from my account.

Apart from my name, all of the personal details the scammer had stolen were set up for this investigation and all of the fraudulent transactions were declined.

In a final attempt to steal money, the scammer asked if I had any other accounts that could've been compromised.

With their efforts thwarted, the scammer hung up, empty-handed.

How to report a scam

  • Email - forward phishing emails to report@phishing.gov.uk and any claiming to be from Eon to phishing@eonenergy.com.
  • Text- report scam texts to your phone operator by forwarding the message to 7726 for free.
  • Phone - if you think a call is suspicious, hang up. If it's pretending to be your bank, find the number on your bank card on the bank or its website.
  • Websites - if you've found a fake website you can report it to the National Cyber Security Centre.

If you think you've been scammed - contact your bank immediately and report it to Action Fraud or the police if you live in Scotland. Read our guide for further information on how to report a scam.

Stopping email, text and phone scams

Starting as a phishing email, this scam evolved to include text and phone scams as well.

We reported the different stages of this scam to Action Fraud and the National Cyber Security Centre.

But multi-layered scams like this can be all too convincing, especially when they involve number spoofing as this scam does with Cashflows or domain spoofing, where the sender address of a phishing email appears to be from a trusted company.

We shared the details of this scam with Cashflows and it said:

'We are concerned to learn that Cashflows' brand is falsely being used by scammers to attempt this fraudulent activity. Cashflows, along with many other UK regulated financial institutions, is occasionally targeted by scammers falsely using our brand and our status as an FCA authorised business to add credence to their fraudulent activities. Cashflows is not a party to this, has no knowledge of it, and never contacts consumers directly in this way.

'The security of our merchant customers and their customers is our highest priority. As a merchant service company, we do not and have never provided loans or any other financial products direct to consumers. We never ask anyone for confidential information such as account passwords either by email or phone and recipients should not respond to any such requests received.'

Which? is urging companies to review how they contact customers to reduce the risk of impersonation scams.

Our guide for best practice text message communication includes calls on businesses to:

  • Never include a phone number to call back
  • Never use generic URL shorteners for hyperlinks
  • Be consistent in how and why they use SMS to reach consumer
  • Protect SMS sender ID; the sender name displayed on the text

Businesses at risk of spoofing by scammers should protect their inbound customer service numbers through the UK regulator Ofcom's Do Not Originate scheme. They should also protect themselves against SMS spoofing via the UK's Mobile Ecosystem Forum SMS SenderID Protection Registry.