Why the Word ‘Kindly’ is a Phishing Red Flag

Posted on October 28, 2025 by Jefferson  Green, IT Security Analyst, Information Security Division, Department of Information Technology (IT)
Why the Word ‘Kindly’ is a Phishing Red Flag

Phishing attempts make up about 3% of the roughly 3 million emails received by Henrico County employees each month.  Fortunately, most of these malicious messages are caught and filtered out before they ever arrive in a user’s email inbox.

Unfortunately, some messages do still arrive in users’ inboxes.  However, these messages often contain indicators (or red flags) that you can use to identify them as a phishing attempt rather than a legitimate email.

The word ‘kindly’ is one such red flag; the use of which is not picked up by our email filters.  The word kindly has largely fallen out of favor in everyday American English where we would use the word ‘please’.  It remains common in formal business English in countries with British colonial influence where English was taught as a second language.  These countries include India, Nigeria, or Pakistan, where use of the word kindly remains common.  Many phishing campaigns also originate from these countries.  Modern American business communication favors direct, clear language.  Terms like please and thank you are standard, but kindly sounds old-fashioned or overly formal.

This linguistic mismatch can and should trigger suspicion in you the reader of the email, especially when paired with other scam indicators like…

  • A sense of urgency
  • Frustration directed at you
  • Posing or referencing higher-ups / supervisors
  • An unwillingness to communicate via voice
  • Insulting or bullying or other tactics to get an emotional response
  • Posing as a trusted party or brand

In summary, the word “kindly” stands out in phishing emails because it’s out of step with how most Americans write business messages today.  Its common use in scams reflects differences in English around the world.  By knowing that kindly is unusual in American English, you gain a simple tool to help spot fraud attempts.  Always be skeptical of overly formal requests like “kindly update your password”.  When in doubt, contact the company by a known channel instead of clicking a link or forward the message to [email protected] to verify its legitimacy.  Vigilance, caution, and familiarity with these red flags can help protect you and Henrico County from phishing scams.

Featured Image