Frequently Asked Question

How to recognise non-legitimate emails
Last Updated 4 years ago

Generally speaking, never respond to generic “there’s an issue with your account” emails. Genuine ones tend to have other identifiers. For example, if a payment card stored on a supplier's system is about to expire, they will usually identify the last four digits of the card that they have on record.

Don’t follow the links in such emails, even when they appear genuine. Log on to the account in question independently straight from your browser. (An exception is when a site sends you an email to confirm your new account or when you change a password or request a password reset – but you will know they are genuine because you have just requested them.)

A note on links in emails: hover your mouse over the link to see the actual address, as the visible text may not be where the underlying link is pointing. Try it with the examples below, which actually point to our web site at

Further, always look at the last bit of the domain name before the first single forward slash (/) and then go back to the last period (.) before the .com, .org or whatever. Examples: Domain = Domain = Domain = Domain = (probably NOT a genuine PayPal address) Domain = (definitely not a genuine PayPal address) Domain = Domain (NOT the government’s web site)

If you believe that you have acted on a phishing email, go to the actual web site via your browser and change your password, and run an anti-virus and anti-malware scan in case the link has dropped something nasty on your system.

Keep your antivirus up to date and regularly run a scan (this can catch things that "realtime" protection misses).
Regularly run an Anti-Malware scan (external link, opens in new tab):

More information is available here (external link, opens in new tab):

If in any doubt, contact us straight away for help:
