How to spot and report phishing emails pretending to be from Krystal

Phishing emails are fake messages designed to trick you into sharing sensitive information like passwords or payment details. Some of these emails impersonate Krystal, using our branding and language to appear genuine. This guide explains how to spot them, what to do if you receive one, and the steps to take if you've already clicked.

How to recognise a phishing email

Phishing emails have become increasingly convincing, but most still have telltale signs. Here are the things to look out for:

1. Check the sender's email address. Genuine Krystal billing and account emails always come from an @krystal.io address. Server notifications may come from @krystal.io, @cloudhosting.uk, or @uksrv.uk depending on your server type. Legitimate cPanel notifications will come from an address like cpanel@servername.krystal.uk or root@servername.krystal.uk. If the domain after the @ doesn't match one of these, it's not from us. Watch out for subtle tricks like swapped letters or added numbers (e.g. krysta1.io or kryslal.io).
2. Look for generic greetings. We will always address you by name in our emails. If an email starts with "Dear customer" or "Dear user", that's a red flag.
3. Be wary of urgent threats. Messages like "Your account will be suspended in 24 hours" or "Confirm your payment details immediately" are designed to pressure you into acting without thinking. We will never threaten you with immediate consequences for not clicking a link.
4. Hover over any links before clicking. Does the URL actually point to krystal.io or one of our known domains? If it goes somewhere else, don't click it.
5. Watch for poor grammar or odd formatting. While not always the case, phishing emails often contain awkward phrasing, grammatical errors, or branding that doesn't quite look right.
6. Be suspicious of unexpected attachments. We will never send you unsolicited attachments. Be especially cautious of .exe, .zip, or macro-enabled files.

What to do if you receive a suspicious email

If you've received an email claiming to be from Krystal and something doesn't feel right:

1. Don't click any links, open any attachments, or reply to the email.
2. Forward the email to phishing@krystal.io so our team can investigate.
3. You can also report it to the National Cyber Security Centre at report@phishing.gov.uk.
4. Delete the email from your inbox.

What to do if you've already clicked

If you've already clicked a link or entered your details, don't panic. Acting quickly can limit any potential damage.

1. Change your Krystal account password straight away at https://identity.krystal.io/password.
2. If you use cPanel, change your cPanel password separately. See our guide: Changing your cPanel/WHM password.
3. If you haven't already, enable two-factor authentication (2FA) on your Krystal account. See our guide: How to set up 2FA on your Krystal account.
4. If you entered payment details, contact your bank or card provider to let them know.
5. Run a full scan with your antivirus software, especially if you downloaded an attachment.
6. Get in touch with us at support@krystal.io or call 020 8050 1337 (Monday to Friday, 9am to 8pm, excluding bank holidays) so we can check your account for any unusual activity.

If you can't log in to your account

If you think your password has been changed by someone else, you can reset it at https://identity.krystal.io/login/reset. If you're still unable to access your account after resetting, contact our support team and we'll help you regain access.

Things to note

• Krystal will never send you an unsolicited email asking for passwords, bank details, or other sensitive information.
• Krystal will never ask you to provide personal details to a third-party website.
• If you're ever unsure whether an email is genuinely from us, forward it to support@krystal.io and we'll confirm.
• Phishing isn't limited to emails impersonating Krystal. The same principles apply to any unexpected email asking for sensitive information or pressuring you to act urgently. If something feels off, take a moment to check before you click.