search icon

How to spot phishing emails, and how to deal with them

Unfortunately, from time to time a number of counterfeit (phishing) emails claiming to be from Sage are sent to our customers. We want you to know that these emails aren't generated by or on behalf of Sage, and we believe they are sent in an attempt to commit fraudulent activity.


What is a phishing email?

A phishing email is usually defined as "an attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity via electronic communication."

In other words, phishing is the modern version of the age-old problem of fraudsters trying to scam unsuspecting people. Those behind the attempted scam send malicious fake emails to try to get you to reveal sensitive information, usually in order to steal money.


How to spot a phishing email

Fraudsters will often use your emotions to try to get you to respond to a message and reveal the information they want to gain.

Common themes used in scams can include:

  • You've won a prize or some other unexpected financial gain.
  • Scare tactics like an overdue invoice or the threat of turning off a service.
  • Requests to donate to a charitable organization, often following a humanitarian crisis like an earthquake.
  • Unusual email attachments and requests for personal information.

We recommend you always take a moment to think, "Am I expecting this type of request?"


Dealing with phishing emails

It's important for you to know how to identify possible phishing emails, how to report them, and what to do if you think you've been a victim.

Additional checks to carry out

If you're unsure whether you've received a phishing email, there are some additional checks you can perform.

  • Check that the website associated with the link matches the text in the email.
  • Check that the sender's name matches the email address. If it doesn't, be suspicious of the email.

Note: To check the link in the email, hover over it and see if what pops up matches the text in the email. If it doesn't, don't click the link.

What to do if you think you have been a victim of a fraud

If you suspect that you've responded to a phishing scam with personal or financial information, take these steps to minimize any damage: 

  • Change the information you've revealed. For example, change any passwords or PINs on the account or service that you think might have been compromised.
  • Contact your bank or the service provider right away.
  • Routinely review your bank and credit card statements for unexplained charges or inquiries that did not come from you.
  • Contact the authorities. Internet Crime Complaint Center (IC3) is the United States national fraud and internet crime reporting center.

Note: don't follow the link in the fraudulent email message.

Report a phishing email to Sage

To safely report the email you suspect is counterfeit, without opening any attachments or replying to the email, please do the following:

Note: sending the counterfeit email as an attachment is the best way to preserve information that makes it easier for us to trace its origins.

Receiving counterfeit emails from a email address

Counterfeit emails sometimes look like they’ve come from a email address. Fraudsters use an email system that doesn’t check the sender’s authenticity against the sender's address. The result is a bogus or counterfeit email.