I got a suspicious email — what now?
How to assess whether an unexpected or suspicious email is a phishing attempt, and what to do next.
Getting an email that doesn't feel right is unsettling. Maybe it claims to be from your bank, your host, or even Chykalophia. Maybe it asks you to click something urgently. Before you do anything, take a breath and read this guide.
Quick summary
Don't click any links or attachments until you've verified the email is genuine. Check the sender's actual email address (not just the display name), look for urgency pressure and spelling mistakes, and when in doubt, contact the supposed sender through a separate, trusted channel.
If you already clicked a link or entered your details
Stop immediately. Change your passwords right away, starting with your email and any financial accounts. Then read "What to do if an account is compromised" and contact us.
Step 1 — Don't click anything yet
The most important thing you can do is pause.
- Do not click links in the email until you've assessed it.
- Do not open attachments — they can contain malware (malicious software).
- Do not reply to the email or call any phone number listed in it.
- Do not provide any personal or financial information.
Step 2 — Check the sender's real email address
Phishing emails (fake emails designed to steal your information) often use a convincing display name but have a suspicious actual email address.
1. Open the email. Look at the "From" field.
2. Click or hover over the sender's name to reveal the actual email address behind it. The display name might say "PayPal Support" but the actual address might be support@paypa1-secure-login.net.
3. Ask yourself: Does the domain (the part after the @) match the company's real domain? PayPal would use @paypal.com. Chykalophia would use @chykalophia.com. A slight misspelling or an extra word is a red flag.
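For anyone who triages reported emails in bulk, the Step 2 check can be automated. The script below is an added example, not part of the original guide or a Chykalophia tool: it compares the display name and domain of a From header against a small brand list. The brand list, the digit-for-letter map and the sample headers are constructed assumptions; only paypal.com and chykalophia.com come from this guide.

```python
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends from.
# Only the two domains named in this guide are listed.
KNOWN_BRANDS = {
    "paypal": {"paypal.com"},
    "chykalophia": {"chykalophia.com"},
}

# Constructed, non-exhaustive map of digits often swapped in for letters.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def is_legit(domain, legit_domains):
    """True if domain is a legitimate domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in legit_domains)


def assess_from(from_header):
    """Return a list of (brand, reason) findings for one From header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    findings = []
    for brand, legit_domains in KNOWN_BRANDS.items():
        if is_legit(domain, legit_domains):
            continue  # the address really is on the brand's domain
        if brand in display.lower():
            findings.append((brand, "display name claims brand, domain is " + domain))
        elif brand in domain:
            findings.append((brand, "brand name embedded in unrelated domain " + domain))
        elif brand in domain.translate(LOOKALIKES):
            findings.append((brand, "look-alike spelling in domain " + domain))
    return findings


# Constructed sample headers; the first is the example from Step 2.
SAMPLES = [
    '"PayPal Support" <support@paypa1-secure-login.net>',
    "PayPal <service@paypal.com>",
    "Billing <billing@chykalophia.com.example.net>",
    "Accounts <hello@chykal0phia.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", assess_from(header) or "no mismatch found")
```

An empty result is not proof that an email is genuine, because the From header itself can be forged. Verifying through a separate channel (Step 4) still applies.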
Step 3 — Look for common phishing warning signs
Common red flags
Any of these in an email should raise your suspicion:
- Urgency or threats: "Your account will be suspended in 24 hours." "Immediate action required."
- Unexpected requests: Asking you to confirm your password, payment details, or personal information.
- Mismatched domains: The link URL doesn't match the company it claims to be from.
- Generic greetings: "Dear Customer" instead of your name.
- Unusual spelling or grammar: Awkward phrasing, spelling errors, or strange capitalization.
- Unexpected attachments: Invoices, "important documents," or shipping notices you weren't expecting.
- Links that don't match: Hover over any link (without clicking) and look at the URL that appears at the bottom of your screen. Does it match the company's real website?
Step 4 — Verify through a separate channel
If an email claims to be from your bank, your hosting company, a supplier, or us — and you're not sure if it's genuine:
1. Do not use any contact details in the suspicious email.
2. Look up the company's real phone number or email address independently — from their official website, a previous genuine email, or a business card.
3. Contact them directly and ask if they sent the email.
Step 5 — Report and delete the email
1. Mark the email as spam or phishing in your email client. This helps your provider identify the sender.
2. Delete the email from your inbox and empty the trash.
3. If the email claims to be from a real company, consider reporting it to that company. Most have a dedicated address (e.g., phishing@paypal.com).
Identified as a phishing attempt and deleted?
You handled it correctly. There's nothing more to do unless you clicked a link or provided information.
What a genuine Chykalophia email looks like
Emails from us always come from an @chykalophia.com address. We will never:
- Ask for your passwords via email
- Ask you to wire money or buy gift cards
- Threaten to suspend your project without a prior conversation
- Send attachments you weren't expecting
If you receive something claiming to be from us that feels off, email us directly at support@chykalophia.com to verify it.
Related guides
- I think I was hacked
- How to recognize phishing attempts
- Common email scams targeting businesses
- Two-factor authentication explained
- What to do if an account is compromised