Cybercrime is on the rise, and phishing remains one of the most common and most effective methods attackers use to target businesses and individuals online. It doesn’t require sophisticated technology or inside knowledge. In most cases, all it takes is a convincing email and a moment of uncertainty.

We’re writing this guide because it recently happened to us. Fraudsters used Solve’s name and identity to target our clients with fake renewal emails, and it’s the kind of thing that can happen to any business, at any time, without warning.

Whether you’ve received something suspicious, want to know what to look out for, or are simply getting your team up to speed on email security, this guide covers everything you need to know, from spotting a phishing email to what to do if someone has already clicked.

What Is Phishing?

Phishing is a type of online scam where attackers send fraudulent messages, usually by email, designed to look like they come from a trusted source. The goal is to trick you into clicking a malicious link, sharing sensitive information, or making a payment.

The most effective phishing attacks impersonate someone you already trust, a supplier, a service provider, or even a named person at a company you work with. They use urgency, familiar branding, and specific details to make the message feel legitimate.

Solve has been used as the front-person for a campaign does exactly that: it uses Solve’s name, references real services (domains, plugins, themes), and creates artificial deadlines to pressure you into acting quickly before you stop to think.

What To Look For In Fake Emails

Phishing emails tend to follow a pattern. Common signs include claims that a service you use is expiring or needs urgent attention, a hard deadline designed to pressure you into acting quickly, an offer to handle something on your behalf, and a sender address that doesn’t quite match the organisation it’s claiming to be from.

The fraudulent message typically contains one or more of the following:

Claims your domain, plugins, or themes are “due for renewal”
A hard deadline creating artificial urgency (e.g. “action required by May 2”)
An offer to “manage renewals” on your behalf
Signed as a familiar person within the business

In our case, the emails claimed clients’ domains, plugins, or themes were due for renewal, set a hard deadline, and offered to “manage renewals” on their behalf. They were signed as Solve but sent from [email protected] and [email protected], which are not from us or our email domain.

Genuine Emails Always Come From The Business Domain

A legitimate business will always contact you from its own domain. Free email providers like Gmail have no place in professional business communication, and any email about your services that doesn’t come from the company’s official domain should be treated with suspicion, regardless of how convincing it looks.

In our case, we only ever send emails from @solve.co.uk addresses, for example, [email protected]. We will never use Gmail or any other free email provider to contact our clients. If an email about your services doesn’t come from this domain, it is not from us. The same applies for other prominent businesses. Always check the email domain it is from.

We will never:

Send email from Gmail or other free email services
Request urgent payments or renewals via an unsolicited email
Ask you to take action, especially financial action, without prior discussion
Pressure you with last-minute deadlines on routine services

What To Do If You Receive Suspicious Emails

1. Do not click, reply, or engage

Close the email without clicking any links or replying. Do not open any attachments. Even opening certain links can expose your device to risk.

2. Report it as phishing in your email client

Reporting helps your email provider block this sender for other users too.

Gmail: open the email, click the three-dot menu (⋮), and select “Report phishing”
Outlook: open the email, click “Report” in the toolbar, then select “Phishing”
Mac Mail: open the email, go to the “Message” menu at the top of the screen, and select “Move to Junk”

To report it, you can also forward the email to [email protected] directly from Mail.

3. Block the sender addresses

Most email clients let you block a sender directly from the message. Do this to prevent further contact from the same address. In our case, the addresses to block were: [email protected] and [email protected].

4. Report to the National Cyber Security Centre

This is highly recommended. The UK’s NCSC runs a reporting service that helps national teams track and take down phishing campaigns faster. Forward the email to [email protected], it takes less than a minute and genuinely makes a difference.

If You’ve Already Interacted With A Phishing Email

Firstly, don’t panic. Secondly, follow these pointers:

If you clicked a link, close the page immediately and avoid entering any information
If you shared any passwords or login details, change them right away, starting with your email account and any accounts associated with your website
If you made any payment, contact your bank as soon as possible to report a suspected scam
Contact the company that the email appears to have come from to alert them
If it was a phishing email that appeared to be from us, contact us immediately at [email protected] and we’ll guide you through next steps and check your accounts for any unauthorised access

Staying Alert And Aware Will Keep You Safe

Awareness is your best defence against cybercrime.

For our Solve clients, your website, hosting, and all services managed by Solve remain unaffected by the phishing campaigns we’ve seen, and no access has been leaked to your account or site.

We stay on top of domain and service renewals and will always communicate clearly and in advance, from our official @solve.co.uk domain. If you ever receive something unexpected that claims to be from us, don’t act on it, contact us first and we’ll confirm whether it’s genuine.