How can I recognise phishing attempts?

Email is one of the most common forms of communication today. But while email is convenient, it also poses certain risks. Phishing and fake emails are widespread and can lead to identity theft, financial loss, and other security breaches. It's important to learn how to recognise and protect yourself from fraudulent emails to make sure you and your business is protected from fraudsters.

What is phishing?

Phishing is a type of online scam where fraudsters pretend to be a trusted company to steal your personal information. They often use email, text/SMS, and phone calls. With advanced AI technology, they can even make fake video calls to target businesses and governments.


How to distinguish between legitimate and malicious emails

Remember that phishers try to make their emails look as legitimate as possible. You should not rely solely on format similarities, such as recognisable logos or a company name.


Check the sender's email address:

Always check the sender's email address. Phishers often use email addresses that resemble legitimate ones, but contain subtle misspellings or extra characters. If you’re unsure, read How do I report (suspected) phishing?.

 

Mollie emails use technical measures to protect against fake emails, which results in a Mollie logo being displayed in common email software. This will depend on your email provider.

 

Example of a valid Mollie email via Gmail 


Check the salutation and the sign off remark:

Authentic emails we send will usually address you (our customer) by name. Be wary of emails that start with a generic greeting such as "Dear customer" or "Hello user". 

Triggered account-related emails, such as a new payment received, will also include your Mollie ID in the footer for reference.

 

Beware of urgency or threats:

Phishing emails often create a sense of urgency. They may claim that your invoices are overdue, and that there will be consequences if you don't act immediately. Be sceptical of such emails and verify the email with the organisation itself (through a different communication method or a valid email address).

Note: Due to our regulatory obligations, we occasionally need to verify the identity of our customers. Any sensitive information requested should only be shared securely via your account in the Mollie Dashboard.

 

Check for spelling and grammatical errors:

Phishing emails often contain spelling and grammatical errors. Legitimate organisations maintain a professional standard of communication. Typos can be a sign of a fraudulent email. Phishing attempts are likely to get better and more convincing with the addition of artificial intelligence (AI).


Check hyperlinks and URLs by hovering over them first – do NOT click them

Hover over any links without clicking on them to see the destination URL. If the URL looks suspicious or has nothing to do with the supposed organisation, do not click on it. Always check with the official website or domain. 


Note
: An email from Mollie would always use the correct mollie.com domain in an email address.

These are valid sub domains from Mollie:

These are the two email addresses and the redirects that you can expect from <noreply@mollie.com> or  <no-reply@email.mollie.com>.

Here’s where they link to:

Avoid giving out personal information:

Be wary of emails asking for sensitive information such as passwords or credit card details. We may ask for this information but will provide a secure way to share this information via a direct upload in your Mollie dashboard. If we don’t, you can request that we do so.

We may ask you to upload any of the following to your account: ID documents, business registration, and company structure overview information.

We’ll never ask you for passwords, API keys,or credit card details.


Check your Mollie account separately

We try to avoid sending confidential information by email. We may ask you to view messages securely in your Mollie account via the notification centre.

If you receive an email asking you to click to view a message, you can always override this request by logging into your Mollie account (via https://my.mollie.com or the Mollie app). This will ensure that you're always securely accessing information from our platform.

Keep learning to protect your business

This is not an exhaustive list. It's important to continue to educate yourself about the most common phishing techniques and to keep up to date with the latest scams so that you know what to look out for. Awareness is the best defence against phishing attempts.

How do I report (suspected) phishing?

If you suspect that you have received a fake Mollie email, you can report it to phishing@mollie.com. Please include a copy of the email, ideally with the technical email headers.

 

Other resources: