A customer security notice | June 2026

Beware a phishing scam targeting SOZO clients

Beware a new phishing scam

We have recently become aware of a new phishing email campaign that is currently targeting SOZO clients. Fraudulent emails are being sent by an unknown third party, impersonating a member of our team named Shaun, asking recipients to agree to a website review.

Please be aware, these emails are not sent by SOZO. We have not authorised them, and the email address used contact.sozodesign@gmail.com is not owned or operated by us.

No member of the SOZO team will ever contact you from a Gmail or other free-provider address.

The email being sent

The sender name may appear as “Shaun” or similar, but the ‘from’ email address is contact.sozodesign@gmail.com.

The fraudulent email arrives with the following subject line:

From: contact.sozodesign@gmail.com
Subject: Action Recommended: Website Compliance Check

The email may read something like this in the image:

How to identify this email as fraudulent

The email address is fake.

contact.sozodesign@gmail.com is not an address we own. All genuine SOZO communications come from addresses ending in @sozodesign.co.uk.

We do not use free email providers.

We will never send unsolicited emails from a free Gmail, Hotmail, or Yahoo address.

It contains no specific details about your site.

The email is intentionally vague. It does not mention your website by name, the specific issue found, or any factual details.

The language is deliberately vague and alarming.

Phrases such as “fall out of alignment”, “things behind the scenes”, and “compliance elements” are designed to sound technical and create concern without saying anything specific.

SOZO does not make unsolicited review offers.

SOZO will not send you unsolicited offers to review your website. If we identify a genuine issue with your site, we will contact you directly from a known address and give you clear details.

URLs and Social Media links are fake:

The www.sozodesign.co.uk address and social media links at the bottom of the email all point to suspicious URLs. While the links look normal, if you hover over them the destination URL reveals it as suspicious.

Why this type of scam is so effective

Phishing is the most popular cyber attack method. It relies on trust and human error rather than technical hacking. Email is a popular format as it is designed to look routine, familiar and helpful, which makes recipients engage without realising anything is wrong.

By impersonating a named individual, at a company you already have a relationship with, and using language that sounds professional and concerned, the sender is trying to get you to reply, click a link, or hand over access to your website or accounts.

Once a reply is received, the attacker may follow up requesting login credentials, payment for a fake service, or access to your hosting or admin panel. The goal is to exploit your trust in SOZO to gain something of value.

What to do if you receive this email

Do not engage

Do not reply to the email
Do not click any links it contains
Do not provide any information about your website, hosting, or accounts
Do not forward the email to others in your organisation without warning them it is fraudulent

Report it

Forward the email to report@phishing.gov.uk (the UK’s National Cyber Security Centre reporting service).
Report it to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040.
Mark it as spam or phishing in your email client to help protect others.
You may also want to report it to your IT team or service provider

ChatGPT Image Jun 10, 2026, 12_28_18 PM 1

Contact SOZO directly

If you are unsure whether an email you have received from us is genuine, please contact us directly using the contact details you already have on file, or visit our official website. Do not use any contact details provided within the suspicious email itself.

How to contact SOZO

If you have received this email, or something similar and are concerned, or if you have already responded and want advice on next steps, please get in touch with us directly. We are happy to help.

Email: security@sozodesign.co.uk

Website: www.sozodesign.co.uk

Please remember, we won’t suggest a website review in an unsolicited email and ALL email correspondence will come from an address ending in @sozodesign.co.uk.

Video

AIO Vs SEO and why you need both

Show me!

Cookie	Duration	Description
__cf_bm	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_cfuvid	session	Calendly sets this cookie to track users across sessions to optimize user experience by maintaining session consistency and providing personalized services
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.