diff --git a/program/actions/mail/index.php b/program/actions/mail/index.php
index 1f77c3325..6241d21a7 100644
--- a/program/actions/mail/index.php
+++ b/program/actions/mail/index.php
@@ -1371,11 +1371,6 @@ class rcmail_action_mail_index extends rcmail_action
 $string = $part['string'];
 $valid = rcube_utils::check_email($mailto, false);
- // phishing email prevention (#1488981), e.g. "valid@email.addr "
- if (!$show_email && $valid && $name && $name != $mailto && preg_match('/@|@|﹫/', $name)) {
- $name = '';
- }
-
 // IDNA ASCII to Unicode
 if ($name == $mailto) {
 $name = rcube_utils::idn_to_utf8($name);
@@ -1403,15 +1398,26 @@ class rcmail_action_mail_index extends rcmail_action
 'onclick' => sprintf("return %s.command('compose','%s',this)", rcmail_output::JS_OBJECT_NAME, rcube::JQ(format_email_recipient($mailto, $name))),
 ];
+ $prefix = '';
- if ($show_email && $name && $mailto) {
+ if ($name && $name != $mailto && preg_match('/@|@|﹫/', $name)) {
+ // phishing email prevention (#1488981), e.g. "valid@email.addr "
+ $content = rcube::SQ(sprintf('%s <%s>', $name, $mailto));
+ $msg = $rcmail->gettext('senderphishingwarning');
+ $prefix = html::span([
+ 'class' => 'sender-phishing-warning',
+ 'title' => $msg,
+ 'role' => 'img',
+ 'aria-label' => $msg,
+ ], '');
+ } elseif ($show_email && $name && $mailto) {
 $content = rcube::SQ(sprintf('%s <%s>', $name, $mailto));
 } else {
 $content = rcube::SQ($name ?: $mailto);
 $attrs['title'] = $mailto;
 }
- $address = html::a($attrs, $content);
+ $address = $prefix . html::a($attrs, $content);
 } else {
 $address = html::span(['title' => $mailto, 'class' => 'rcmContactAddress'], rcube::SQ($name ?: $mailto));
diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc
index 01ed1fe53..bf48d3ffa 100644
--- a/program/localization/en_US/messages.inc
+++ b/program/localization/en_US/messages.inc
@@ -233,3 +233,4 @@ $messages['emptyattachment'] = 'This attachment appears to be empty.
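Review bot: In the second hunk of `program/actions/mail/index.php`, the unchanged `else` branch at the end still renders `rcube::SQ($name ?: $mailto)` with the real address only in the `title` attribute, while the first hunk deletes the `$name = ''` blanking that ran ahead of both branches. A display name that looks like an address can therefore be shown on that path without the real address and without the new warning, because the `sender-phishing-warning` span is built only on the branch that ends in `html::a`. Consider evaluating the `preg_match` test once into a variable (say `$suspicious`) before the branch, using it in the new `if`, and rendering the fallback as `rcube::SQ($suspicious ? $mailto : ($name ?: $mailto))`. The condition that selects between the two branches lies outside the hunk, so confirm which callers reach the `span` path.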
Please,
 $messages['oauthloginfailed'] = 'OAuth login failed. Please try again.';
 $messages['oauthinvalidrequest'] = 'Authorization request was invalid or incomplete.';
 $messages['oauthaccessdenied'] = 'Authorization server or the user denied the request.';
+$messages['senderphishingwarning'] = 'This sender name and address look forged, please be careful!';
diff --git a/skins/elastic/styles/styles.less b/skins/elastic/styles/styles.less
index 560c574a2..af305c173 100644
--- a/skins/elastic/styles/styles.less
+++ b/skins/elastic/styles/styles.less
@@ -434,6 +434,14 @@ body.task-error-login #layout {
 margin: 1rem 1rem 0 1rem;
 }
+.sender-phishing-warning:before {
+ .font-icon-class();
+ float: none;
+ display: inline-block;
+ content: @fa-var-exclamation-triangle;
+ color: @color-message-warning;
+}
+
 #composestatusbar {
 opacity: .3;
 right: 2.5rem;
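Review bot: The `.sender-phishing-warning:before` rule added in `skins/elastic/styles/styles.less` is the only thing that makes the forged-sender warning visible, because the mail action in this commit emits the span with empty content and puts the message only in `title` and `aria-label`. Any skin without an equivalent rule would show nothing next to a suspicious sender, so the dependency is worth recording above the selector, for example `// Sole visual carrier of the sender phishing warning; the span is rendered empty by the mail action.`. Whether other skins are in use is not visible from this diff.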