Reporting a Phishing or Spoofed Email

Taking the security of our systems seriously

If you suspect that you have received a Phishing or Spoofed Email, please report this to us.

Please do the following:

  • Save the email in msg or eml format (whichever method is supported by your email client)
  • Send it as an attachment to cybersecurity(AT)springernature(DOT)com

Examples of what to look out for if you suspect a Spoofed or Phishing email are:

  • It is unexpected and/or you do not know the sender.
  • A promise of a big lottery win / green card / free high-valued subscription.
  • It demands an urgent response, for example; "You have two weeks to contact us to receive the inheritance of a long lost relative”.
  • Requests for your username and/or password, or other personal information. Personal information includes things like: your National Insurance number, your credit card number, PIN, or credit card security number, or your security question answer; we will never ask for personal information to be supplied by email.
  • An order confirmation for an item you didn't purchase or an attachment to what looks like an order confirmation.
  • Requests to update payment information through a link in the email. Emails from us will never request you to update payment information via a link.
  • Attachments or prompts to install software on your computer.
  • Typos or grammatical errors. Be on the lookout for poor grammar or typos. Many phishing emails are translated from other languages or are sent without being proof-read. As a result, these messages can contain bad grammar or typographical errors.
  • Forged email addresses to make it look like the email is coming from us.  If the "from" line of the email contains an Internet Service Provider (ISP) other than for example @springernature.com, @macmillan.com, @apress.com, @scientificamerican.com (not exhaustive list) then it's a fraudulent email.
  • Links to websites that look like they are from us.
    • A legitimate link to our services would look like this https://www.nature.com
    • A fraudulent link could look like this http://123.123.123.123/nature.com

If you are concerned that your account details are at risk after having clicked on links within a Phishing or Spoofed email, please take the following steps:

  • If you've entered your password on what you think might be a malicious website, go to Forgot Your Password and change it immediately.
  • If you've entered your credit card information on what you think might be a malicious website or replied to an email with that information, you should contact your credit card company immediately.

For additional account security tips, here are some ways to protect your system:

  • Install anti-virus or anti-malware software from a reputable company.  Once it's installed, run a full scan of your computer.
  • Check for and install updates for all programs on your computer. Run Windows Update if you have a Windows computer or Software Update if you have a Mac.
  • Never reply to unsolicited messages. Replying to Phishing and Spoofed emails only notifies the sender that they have a valid email address to which they can send emails.

If you're a security researcher and you believe you have found a security issue within any of our services, please use the Responsible Disclosure process.