What is phishing?

Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone who is posing as a legitimate institution or company. This is to lure individuals into providing sensitive data such as bank details or personally identifiable information.


How can you protect yourself?

If you receive an email from someone appearing to be from Kier, make sure you check that it has come from a valid Kier email address. This will be @kier.co.uk, or other variants of this which are used for our joint venture contracts, these include, but are not limited to, @kierbamhpc.com or @ekfb.com. We will never send business emails from email servers such as @outlook.com or @gmail.com.

Phishing emails may often contain links to websites that appear as if they belong to Kier but do not. Our only corporate website is www.kier.co.uk and our other official websites are listed in the footer at the bottom of this page. If you are sent a link to any other website, then it may be phishing attempt.


What if you believe you have been a victim of phishing?

If you believe you have been a victim of phishing, please contact your bank and if you are in the UK then please report the incident to Action Fraud.

Other countries should have similar reporting service for fraud. Please see your respective country's fraud reporting services.


Examples of phishing emails

You may get an email that appears to be from Kier for the sale of construction-related items or equipment. This will not be from a kier.co.uk email address.


How can I identify a phishing email?

  • Check the email address to ensure it isn’t one from a generic email server eg @outlook.com or @gmail.com.
  • If you receive an invoice sent by Kier and have concerns regarding its legitimacy, please contact creditcontrol@kier.co.uk. Kier will never request monies to be sent to personal bank accounts.