⚠️
Stop — don't click anything yet Do not click any links or download any attachments in the email until you've completed this checker.

Phishing
Email Checker

Not sure if an email is genuine? Answer a few quick questions and we'll help you work out what's going on and what to do next.

It's not a forensic analysis — but it will help you pause, think, and take the right action.

🔒 Your answers are anonymous. We don't see your individual responses.

Checking for red flags
Phase 1 — Red Flag Detection
⚠️

We've spotted a red flag

One or more of your answers suggests this email could be suspicious. We'd recommend treating it with caution before taking any further action.

Let's ask a few more questions to understand if anything has already happened.

This email looks legitimate

Based on your answers, there are no obvious signs that this is a phishing attempt. That said, if something still feels off, trust your instincts — it's always worth double-checking directly with the sender through a separate channel, not by replying to the email itself.

How to spot phishing emails
aursec.co.uk — Our plain-English guide to identifying suspicious emails

Still not sure?

We're happy to take a look and give you a second opinion — no jargon, no judgement.

Talk to Aursec
⚠️
Treat this email with caution

Your answers suggest this could be a phishing attempt, but it looks like you haven't taken any action that could put you at risk. The right next step is to report the email as phishing and delete it without clicking anything.

What to do now

1
Don't click anything — don't open links, attachments, or reply to the email.
2
Report as phishing — use the phishing report button in your email client or forward to report@phishing.gov.uk.
3
Delete the email — once reported, delete it from your inbox and trash.
4
Let your IT contact know — if this came to a work account, flag it to your manager or IT team.
How to report a phishing email
aursec.co.uk — Step-by-step guide to reporting and handling suspicious emails

Not sure what to do next?

We're happy to help — no jargon, no judgement.

Talk to Aursec
🚨
You may have been exposed — act with caution

You've taken an action that could potentially put you at risk, but you haven't shared any sensitive information. Act now to reduce any potential impact.

Take these steps now

1
Don't click anything else in the email.
2
Run a malware scan on your device using your antivirus software.
3
Monitor your accounts for any unusual activity over the next 48 hours.
4
Report the email as phishing — but don't delete it yet. Preserve it as evidence.
5
Notify your IT contact or manager immediately if this was on a work device or account.
6
If you forwarded the email — warn the recipient not to click anything and to run the same checks.
What to do if you've been phished
aursec.co.uk — Our step-by-step incident guide
Report to Action Fraud
actionfraud.police.uk — The UK's national reporting centre for fraud and cyber crime

Want a second opinion?

We can help you work out what happened and what to do next — no jargon, no judgement.

Talk to Aursec
🛑
Act now — you may have been phished

You've shared information that could put your accounts or data at serious risk. Please take these steps immediately — every minute matters.

Immediate actions — do these now

1
Change your passwords immediately — start with email, banking, and any account linked to the information you shared. Use a different device if possible.
2
Contact your bank immediately if any financial information was shared. Ask them to monitor your account and consider freezing it.
3
Notify your IT contact or manager right away if this was on a work device or account.
4
Do not delete the email — preserve it as evidence for reporting.
5
If you forwarded the email — warn the recipient immediately not to click anything.
6
Report to Action Fraud at actionfraud.police.uk — the UK's national reporting centre for fraud and cyber crime.
Help — I've been phished
aursec.co.uk — Full step-by-step incident response guide
Report to Action Fraud
actionfraud.police.uk — Report now at the UK's national fraud reporting centre

We're here to help — right now

If this happened to a business device or account, we can help you contain the damage and respond properly. No jargon, no judgement.

Talk to Aursec