Smartsheet is committed to keeping your sensitive information secure. As part of that, we’ve assembled this list of tips to help you spot and report fraudulent activity—commonly known as phishing or spoofing.
Recognizing a Phishing Scam
One tactic that scammers use is to create email messages that look official (for example, the message may look like one generated by Smartsheet). They then trick you into visiting a fake website that asks you to provide sensitive information, such as your Smartsheet login and password.
Here are some things to look for if you suspect malicious activity:
- Links that appear to be Smartsheet links but aren't. Do not click the link. Instead, hover your mouse over the link to inspect it. Look closely at the URL. Even if the name includes the word Smartsheet, it may not be legitimate. For example, a bad actor may create a website called something like "smartsheetfakewebsite.com" in an attempt to lure you to their site.
- Buttons that appear to direct you to a Smartsheet login or sheet but don’t. Again, don’t click the link. Instead, hover your mouse over the button to inspect the target.
A link to the Smartsheet app will always start with this: https://app.smartsheet.com
If the link looks phishy, don’t click it.
NOTE: This URL is also the address of the Smartsheet login page. You can always use this address directly (by copying it and pasting it into the address bar of your browser) to log in to Smartsheet.
- Urgent appeals. Smartsheet will never claim that your account may be closed and then ask you to provide sensitive information in an email message.
- Messages from people you don’t know. If you receive a request to add or update information to a sheet from someone you’ve never heard of, take a few minutes to investigate and verify that the person or request is legitimate.
- Messages about system and security updates. We will never claim the need to confirm important information in an email message due to system upgrades.
- Obvious typos and other errors. These are often the mark of fraudulent emails and websites. Be on the lookout for typos or grammatical errors, awkward writing or inconsistent visual design. (If a Smartsheet email looks off to you, for example if the button design looks like it’s the wrong shape or color, compare it to other messages that you know are legitimate Smartsheet messages.)
- Unsolicited password reset messages. Be suspicious of these if you DID NOT request to reset a password. If you receive a password reset mail that you did not initiate, ignore it or reach out to the business or organization to verify its legitimacy. An attacker may be trying to trick you into changing your password to a less secure one.
Steps to Take If You Suspect Fraud
If you suspect that you’ve received a spoofing email or are directed to what appears to be a fraudulent website that is using Smartsheet’s name, please report it to firstname.lastname@example.org. Please forward any suspicious email messages by attaching them to the message that you send to abuse@.
If you think you may have inadvertently disclosed sensitive information, you should reset your Smartsheet password. You can start that process by visiting the Smartsheet Reset Password page: https://app.smartsheet.com/b/pwd
For more information, see Changing and Resetting your Password.
Where to Find More Information
Check out these Smartsheet Content Center articles:
For general information about phishing and best practices that can help you avoid being scammed, please see: https://staysafeonline.org/stay-safe-online/online-safety-basics/spam-and-phishing/