Report
Report a suspicious message
One address, one template, and what happens after you send it.
The route
Forward the message itself to [email protected], ideally as an attachment so the headers survive. Add the details below if forwarding is not possible.
If you acted on the message before doubting it - clicked, replied or paid - also email [email protected] so the account team can check for activity straight away.
Copy and fill
Template
To: [email protected] Subject: Suspicious message report Sender address: [the full from address] Date and time: [when it arrived, with timezone] Domain checked: [result from creditcorporation.net, if run] Claimed to be: [lender / group company / other] What it asked for: [password / passcode / payment / chat app / other] Links included: [paste the link targets without clicking them] I have not clicked the links / I clicked before doubting it: [say which]
After sending
What happens next
Reports go to the estate's security route and are read by people, not a ticket robot. Lookalike domains get checked and, where appropriate, reported for takedown; payment-diversion attempts are flagged to the account teams.
You will not be asked for passwords or passcodes in response to a report. If a reply asks for them, treat the reply itself as suspect.