KYC Update / Account Suspension Scams on Email
How phishing emails impersonating banks or crypto exchanges use fake 'KYC verification required' warnings to steal login credentials and personal identification documents.
Part of: KYC Update / Account Suspension Scam
Last reviewed: 14 July 2026
Email remains the primary channel for KYC-themed phishing because it allows scammers to closely replicate a bank's or exchange's official branding, logo, and formatting inside a message that lands directly in a target's inbox. The email claims that 'know your customer' verification is overdue and that the account will be suspended, frozen, or closed within a short deadline unless the recipient clicks through to 'update' their details.
Because legitimate financial platforms do periodically request identity verification updates, especially for crypto exchanges responding to real regulatory requirements, the premise itself is plausible enough that even cautious users may click through without pausing to check the sender's actual email address or the destination of the link.
How this scam works on Email
The email arrives with an official-looking logo and formatting, claiming the recipient's account has been flagged for incomplete or outdated KYC documentation and must be updated within a set number of hours or days to avoid suspension. The sender's actual email address, visible when you inspect it closely, is usually a look-alike domain rather than the platform's genuine domain.
The embedded link leads to a convincing but fraudulent replica of the platform's login and identity-verification pages, where the victim is prompted to enter their username and password, followed by uploading a photo of a government ID and sometimes a selfie for 'liveness verification.' Some variants also request bank account or card details under the guise of 'reconfirming' payment information.
Once submitted, the scammer has both the account credentials and identity documents needed to take over the real account, bypass certain fraud checks, or commit further identity theft using the stolen ID images, often before the victim notices anything is wrong.
Common red flags
- An email claims your account will be suspended unless you complete KYC verification within a short deadline
- The sender's email address, when inspected closely, does not match the platform's genuine domain
- The link leads to a login page that looks similar to, but is not exactly, the platform's real URL
- You are asked to upload a photo of your government ID or a selfie through an emailed link rather than the platform's official app or website
- The email contains urgent, threatening language about frozen funds or permanent account closure
- Bank or card details are requested as part of the 'KYC update' process
How to protect yourself
- Never click links in unsolicited KYC or account-suspension emails — log in directly through the platform's official app or a manually typed URL instead
- Inspect the sender's full email address carefully for subtle misspellings or look-alike domains
- Enable two-factor authentication on all financial and crypto accounts so a stolen password alone is not enough to take over your account
- Contact the platform's official support channel directly to verify whether any KYC action is actually required
- Never upload identity documents through a link received in an unsolicited email
- Report and delete suspicious emails rather than replying to or engaging with them
How to report it
- Forward the phishing email to the platform's official abuse or phishing reporting address
- Report the email as phishing through your email provider's built-in reporting tool
- File a report with the FBI's IC3 (ic3.gov) in the US, Action Fraud in the UK, or your national cybercrime authority
- If you submitted ID documents, contact the platform immediately and monitor for identity theft, including placing a fraud alert with credit bureaus if appropriate
Frequently asked questions
How can I tell a real KYC email from a phishing one?
Check the sender's full email address for exact domain matches rather than trusting the display name alone, and never click the embedded link — instead, log in directly through the platform's official app or by typing the URL yourself to check for any genuine account notices.
I already entered my login and uploaded my ID through a link in one of these emails — what should I do?
Change your password immediately on the real platform, enable two-factor authentication, and contact the platform's official support to flag the compromise. Because ID documents were exposed, also watch for signs of broader identity theft and consider a fraud alert with your credit bureaus.
Do legitimate banks and exchanges ever email about KYC verification?
Yes, legitimate periodic KYC requests do happen, particularly at crypto exchanges responding to regulatory requirements. The key distinction is that genuine requests direct you to log in through the platform's official app or a manually verified URL rather than an embedded link, and they do not typically threaten suspension within a few hours.
Can I get money back if a scammer used my stolen KYC details to access my account?
Recovery may depend on the payment method and timing — contact the platform's fraud team immediately to report unauthorized access and ask about their recovery process, and separately contact your bank or card issuer if funds were moved out through linked accounts.