"SumUp - Update Your Profile" Scam Seeks to Gain Your Trust

An Email Disguised in Trust

Another phishing scheme is making the rounds under the guise of a familiar name: SumUp. While SumUp is a legitimate financial technology provider, this scam has no connection to the company. The deceptive email pretends to alert users about an urgent need to update their profile, allegedly due to changes in payment regulations. Its goal isn't to help but to trick users into handing over sensitive information.

How the Scam Works

The fraudulent email warns that unless you act immediately, your SumUp account may face suspension. To prevent this, the message urges you to click on a prominently displayed "Update now" button. It claims that failure to comply might lead to interrupted transactions or blocked access to credit and debit services. This kind of message is made to create a sense of urgency and push recipients into action before thinking things through.

Here's what the fraudulent message says:

Subject: Our terms and conditions of use have changed. Please update your profile now to avoid your account get suspended!

Hello,

As part of our ongoing commitment to protect your financial security, we have updated our servers to comply with new payment services regulations. To prevent credit or debit transactions from being declined, please update your customer area from your computer, tablet or mobile phone using the button below:

Update now

Failure to comply with this warning may result in the rejection of credit and debit transactions or suspension from the customer area.

This email is addressed to all SumUp account holders with an activated card. If you have not created a SumUp profile, you can ignore this message.

Thank you,
The SumUp Team

Supported by SumUp

SumUp Limited is an e-money institution authorised and regulated by the Central Bank of Ireland (reference number: n°C195030).

The Link Is the Trap

While the email may look legitimate, the link it contains is anything but. Users who follow it are redirected to a fake site that mimics the official SumUp login page. This is where the real damage begins. The page is crafted to steal login credentials—usernames, passwords, and possibly more. Once submitted, these details go straight to cybercriminals instead of any legitimate database.

Why Scammers Want Your Information

Once scammers obtain login details, they can potentially access not just your SumUp account (if you have one) but also any other accounts using the same credentials. From there, they can dig deeper, extracting financial information, sending more scam messages, or even committing fraud in your name. Stolen information is often sold to other criminals, widening the scope of potential harm.

Don’t Be Fooled by Urgency

This scam leans heavily on psychological pressure. By framing the issue as urgent—implying your account will be suspended if you don't act quickly—it aims to override your usual caution. Always take a moment to think before responding to unsolicited emails, even if they seem to come from a service you use.

What Makes It Look Convincing

Scammers are getting better at making their phishing emails appear legitimate. The "SumUp - Update Your Profile" message may include logos, formatting, and language that mimic the real company. However, small details often give them away: poor grammar, strange sender addresses, or slightly misspelled URLs. If something feels even slightly off, it's a sign to proceed with caution.

How to Stay Safe from Email Threats

Always verify emails before clicking any links or sharing personal information. If you receive a message from a company claiming your account is at risk, go straight to their official website by entering the URL in your browser—don't click on email links. It's also wise to use unique passwords for every single account and turn on two-factor authentication wherever possible.

What to Do If You Clicked

If you've already interacted with the email and entered your details, act quickly. Change your password immediately, not just for the affected account but for any others using the same login. Watch your financial accounts for suspicious activity and consider notifying the official company whose name was impersonated—they may provide additional steps to protect your account.

Wider Pattern of Phishing Campaigns

This isn't an isolated incident. Similar phishing emails—like those claiming to be about "Mailbox Capacity" issues or "Account Security Reviews"—use the same tactics. They rely on fear, urgency, and impersonation to manipulate users. These scams often target a broad range of individuals, hoping that even a small percentage will fall for the trap.

Final Thoughts

While the "SumUp - Update Your Profile" scam is designed to look official, staying vigilant and informed can help you avoid falling victim. By slowing down and verifying emails before responding, you can protect your personal information and maintain control over your digital presence. Keep your software updated, use reliable security tools, and trust your instincts—if something doesn't feel right, it probably isn't.