The collaboration features in Smartsheet make work for people and businesses easier. These same capabilities also make Smartsheet attractive to scammers who may attempt to use it to send spam. While the Smartsheet platform does do a number of things to automatically detect these bad actors and shut them down, the automatic detection isn't always perfect. If you suspect that someone is using Smartsheet or Smartsheet’s name as part of a scam, let us know by contacting Smartsheet at firstname.lastname@example.org—please include any suspect messages as attachments to your email message.
If you’ve already reported a scam to us, thank you! To help you understand more about this issue, here’s some information about common spammer tactics and things you can do to avoid their schemes.
What Spammers Do with Smartsheet
Spammers assemble lists of email addresses and then use the Smartsheet system to send spam email to all of them. The vast majority of the people that get spammed aren't even Smartsheet users—they are just random people that the bad actors target.
How Spammers Get Email Addresses
Here are a few ways spammers collect email addresses:
- They buy lists (legally or illegally).
- They use "harvesting" programs—crawl and scrape programs—that scour the Internet for instances of text that looks like it might be an email address.
- They use "dictionary" programs (in the same way that hackers do). These products generate alphabetic/numeric combinations of addresses in sequence. While many of the results are incorrect, these dictionary programs can create hundreds of thousands of addresses per hour, guaranteeing that at least some will work as targets for spam.
- You unwittingly volunteer your email address to a subscribe/unsubscribe online service. A common unsubscribe tactic is to blast millions of people with a false "you have joined a newsletter" email. When recipients click the Unsubscribe link, they are actually confirming that a real person exists at their email address.
Things You Can Do to Protect Yourself Against Spam
Here are a few best practices to help you cut down on the amount of spam you receive.
Use spam filters. Most email providers include a spam filter in their offerings. If your provider doesn’t have one, consider switching to a provider that does.
NEVER respond to spam. When you respond to spam, you let the spammer know that yours is a valid email address. That is, just by responding to spam, even if it’s simply to say “stop sending me this,” you’ll actually encourage more spam.
Don’t click links in spam email. One trick to be aware of, in particular, is that spammers will send email messages containing fake Unsubscribe links. This is a type of phishing scam that allows the spammer to validate your email address. Clicking Unsubscribe in this type of message will simply increase the amount of spam you receive.
Keep your web browser up to date. Stay protected from vulnerabilities that may exist in outdated software by ensuring that you’re using the latest version of your web browser.
Use CAPTCHA for forms. Ensure your sheets and forms are not used for spam. Enable CAPTCHA for forms, and avoid publishing to non-authenticated users unless necessary.
Use a unique email address when you register on a website or join a group. When you need an email address to join a mailing list, sign up for services, request more information, or register for a service, unique email address that you create just for that purpose. For example, when you need an email address to receive receipts via email, use a free email address from a site like Gmail or Yahoo and create an address especially for that purpose. Consider using a similar strategy for posting to the web in social media, a listserv, a newsgroup, a contact page for a website, or other online forums where you need to use an email address for access.
TIP: One way to easily create a unique address is to create a modified version of your email address —this will allow you to filter emails sent to that modified address. For example, Gmail allows you to append a plus sign ("+") and any combination of characters after the initial part of your email address, and you'll still receive the emails. For more information about how to do that, read this post in the Official Gmail Blog.