Scammers are impersonating Eon, promising an £85 refund in an attempt to steal your details and money.
As the UK's energy crisis deepens and households are set to see a record 54% increase to the price cap this April, it's no surprise scammers are impersonating energy providers to try and catch you out.
While you should never engage with scam emails, we played along with one doing the rounds to show you how it evolves and the typical patterns to watch out for.
Email scams, also known as phishing scams, are used by scammers to steal your personal information and bank details, or in some cases, the emails have malicious software attached which can infect your computer, tablet or mobile with a virus.
This email impersonates Eon, claiming you've been overcharged and you're eligible for an £85 refund.
The sender's name is 'E.ON GAS REFUND' - another example of this scam uses 'E.ON PAYMENT REFUND' - but it has nothing to do with the energy provider.
The email address it's actually from is random and not Eon's.
As the video shows, the email included a link that takes you to a mockup of the Eon website's login page. It then asks for a lot of personal details and ends by loading the real Eon website - a common scam tactic and just one of many this scam journey reveals.
Less than one hour later, the scammer attempted a transaction.
The following day, the scammer called.
A minute before the call, the scammer sent a text claiming a £2,000 loan had been set up in my name. The text impersonated a genuine company called Cashflows and spoofed their customer support number.
During the phone call, the scammer claimed to be from Cashflows, looking into fraud on behalf of my bank.
The scammer even gave fraud advice, pretending to try and help me work out how my details had been compromised - reeling off potential culprits, including variations of scams we've recently exposed such as , and .
All the while, the scammer was in fact trying to steal around £1,000 from my account.
Apart from my name, all of the personal details the scammer had stolen were set up for this investigation and all of the fraudulent transactions were declined.
In a final attempt to steal money, the scammer asked if I had any other accounts that could've been compromised.
With their efforts thwarted, the scammer hung up, empty-handed.
Starting as a phishing email, this scam evolved to include text and phone scams as well.
We reported the different stages of this scam to Action Fraud and the National Cyber Security Centre.
But multi-layered scams like this can be all too convincing, especially when they involve number spoofing as this scam does with Cashflows or domain spoofing, where the sender address of a phishing email appears to be from a trusted company.
We shared the details of this scam with Cashflows and it said:
'We are concerned to learn that Cashflows' brand is falsely being used by scammers to attempt this fraudulent activity. Cashflows, along with many other UK regulated financial institutions, is occasionally targeted by scammers falsely using our brand and our status as an FCA authorised business to add credence to their fraudulent activities. Cashflows is not a party to this, has no knowledge of it, and never contacts consumers directly in this way.
'The security of our merchant customers and their customers is our highest priority. As a merchant service company, we do not and have never provided loans or any other financial products direct to consumers. We never ask anyone for confidential information such as account passwords either by email or phone and recipients should not respond to any such requests received.'
Our guide for best practice text message communication includes calls on businesses to:
Businesses at risk of spoofing by scammers should protect their inbound customer service numbers through the UK regulator Ofcom's Do Not Originate scheme. They should also protect themselves against SMS spoofing via the UK's Mobile Ecosystem Forum SMS SenderID Protection Registry.