Tips to avoid phishing scams

Review this list of tips to help you spot and report fraudulent activity—commonly known as phishing or spoofing.

Who can use this?

Plans:

  • Smartsheet
  • Pro
  • Business
  • Enterprise

Smartsheet is committed to keeping your sensitive information secure. As part of that, we’ve assembled this list of tips to help you spot and report fraudulent activity—commonly known as phishing or spoofing.

Recognize a phishing scam

One tactic that scammers use is to create email messages that look official, like one generated by Smartsheet. They then trick you into visiting a fake website that asks you to provide sensitive information, such as your Smartsheet login and password.

Here are some things to look for if you suspect malicious activity:

  • Links that appear to be Smartsheet links but aren't. Don't click the link. Instead, hover your mouse over the link to inspect it. Look closely at the URL. Even if the name includes the word Smartsheet, it may not be legitimate. For example, a bad actor may create a fake website in an attempt to lure you to their site.
  • Buttons that appear to direct you to a Smartsheet login or sheet but don’t. Again, don’t click the link. Instead, hover your mouse over the button to inspect the target link.
  • A link to the Smartsheet app will always start with this: https://app.smartsheet.com. If the link looks phishy, don’t click it.

This URL, https://app.smartsheet.com, is also the address of the Smartsheet login page. You can always use this address directly (by copying it and pasting it into your browser's address bar) to log in to Smartsheet.

  • Urgent appeals. Smartsheet never claims that your account may be closed and then asks you to provide sensitive information in an email message.
  • Messages from people you don’t know. If you receive a request to add or update information to a sheet from someone you’ve never heard of, take a few minutes to investigate and verify that the person or request is legitimate.
  • Messages about system and security updates. We never claim the need to confirm important information in an email message due to system upgrades.
  • Obvious typos and other errors. These are often the mark of fraudulent emails and websites. Be on the lookout for typos or grammatical errors, awkward writing, or inconsistent visual design. (If a Smartsheet email looks off to you, for example, if the button design looks like it’s the wrong shape or color, compare it to other messages that you know are legitimate Smartsheet messages).
  • Unsolicited password reset messages. Be suspicious of these if you DIDN'T request to reset a password. If you receive a password reset mail that you did not initiate, ignore it or reach out to the business or organization to verify its legitimacy. An attacker may be trying to trick you into changing your password to a less secure one.

Steps to take if you suspect fraud

If you suspect that you’ve received a spoofing email or are directed to what appears to be a fraudulent website that is using Smartsheet’s name, report it immediately to abuse@smartsheet.com. You can forward any suspicious email messages by attaching them to the message that you send.

If you think you may have inadvertently disclosed sensitive information, you should reset your Smartsheet password. You can start that process by visiting the Smartsheet Reset Password page: https://app.smartsheet.com/b/pwd

For more information, see Changing and Resetting your Password.

Where to find more information

Check out these Smartsheet Content Center articles:

For general information about phishing and best practices that can help you avoid being scammed, please reference the following: