by Ignacio Martinez on March 1, 2018
​

In a previous post, I talked about email phishing — a scheme used by hackers to try to gain access to your sensitive information, by imitating or impersonating a legitimate organization.  With phishing, the bad actor convinces you to key in your sensitive information which they then collect for misuse.  

There is also a separate scheme known as spoofing, where the hackers create a nearly pixel-perfect message that tries to convince you to click on a button or download an attachment that actually contains a malicious payload.

While one scheme tries to “pull” information and the other attempts to deliver malicious software, both can be deployed and delivered in similar looking email messages. Although the messages can look convincing, there are ways to spot them. Today I want to take a look at some quick ways to see if a suspect message is legitimate or not.

Smartsheet will never email you to request sensitive data, such as passwords, credit card details, and social security numbers. However, malicious actors may use a very convincing email leading you to what appears to be a a Smartsheet login page or authentication page to entice you to either enter your credentials or to download malicious software to your system.
​
Our security team works continuously to evolve our automated detection and prevention processes, and we act immediately when alerted to suspected phishing or spoofing attacks to shut them down. Unfortunately, bad actors are continuously evolving their tactics, so we want to make sure that you have some tools to detect phishing or spoofing and avoid becoming a victim of such an attack.
​

by Ignacio Martinez on January 12, 2018

As more and more of our daily lives take place online, it’s only natural that we’ve become more accustomed to sharing personal, sensitive, information online. Email communication is a constant part of our daily communication – and unfortunately is also a common tool used by hackers to attempt to gain access to your sensitive information in a scheme known as phishing.

Smartsheet will never email you to request sensitive data, such as passwords, credit card details, and social security numbers. As you head into a new year resolute with new intentions, we’d like you to add a renewed commitment to online security to your list. Here’s some helpful information about phishing – and how to keep yourself safe.