How to identify and report counterfeit emails

Summary

Information on how to spot counterfeit emails pretending to be from Sage UK Ltd, and how to report them.

Description

Fraudsters send scam emails to try to steal your data for financial gain.

Examples of this are emails requesting account details, or requesting payment of fees for help with installing an 'urgent update'.

Sage takes phishing and spoofing threats seriously.

How to identify a counterfeit email

The following tips can help you identify if an email you've received is counterfeit:

  • It asks for sensitive account information, such as passwords or credit card details
  • There are grammatical errors and spelling mistakes in the email
  • We only send emails with attachments if you've requested it, for example an invoice

For more information about dealing with spam and phishing emails, go to companieshouse.blog.gov.uk.

NOTE:

We issue invoices exclusively through our products, or upon explicit request via email. If you're not expecting an attachment, we strongly advise against opening it.

How to report a counterfeit email

To report a suspected counterfeit email safely without opening any attachments or replying to it, do one of the following:

  • Forward the email you suspect is a counterfeit to [email protected]
  • Create a new email, attach the suspicious message, and send it to [email protected]

  • TIP:

    Sending as an attachment is the best way to preserve information, which makes it easier for us to trace its origin.

What are spoof, hoax and phishing emails?

Fraudsters send spoof, hoax, or phishing emails posing as legitimate businesses, often using real branding to appear authentic.

They aim to trick recipients into clicking links, sharing confidential information, or installing malware.

How have I received a spoof email from an @sage.com email address?

Fraudsters send spoof emails using an unsecured email server, which allows them to use an address they don't own.

They're able to do this because some email systems don’t verify sender authenticity, which allows spoofed emails from fake addresses.

What is Sage doing to stop this?

We've implemented the Sender Policy Framework (SPF) to block these emails.

This lets your mail system verify whether a Sage email is genuine, and if not, it prevents delivery.

If Sage has implemented SPF, why have I received this spoof email?

Although most email systems are able to perform SPF validation, sometimes it isn't enabled by default. 

If it isn't active, the validation doesn't take place and the system delivers the email.

For help with enabling this on your email account, contact your email provider or IT support.

Is there anything I can do to stop these spoof emails?

Contact your email provider or IT team and ask if they can enable SPF validation on your mail system.

This helps reduce the amount of spoof emails you receive.

Solution Properties

Solution ID
200427112308093
Last Modified Date
Fri May 01 10:08:23 UTC 2026
Views
0