A checklist to help identify, prevent, and report phishing scams

'Tis the season to be jolly, and to be wary of phishing emails.


With the festive season around the corner, your inbox will no doubt be full of emails about discounts and hot deals, which makes it the perfect time of year for phishing scams to intensify. We want to reshare some tips and resources to help you recognize phishing scams and protect your business. We recommend sharing this with your team too.


What is phishing?

Phishing is an attempt by a fraudster to collect personal and/or financial information. These fraudsters typically acquire this information by verbally requesting it over the phone, by posting links or false phone numbers on social media sites, or by sending unsolicited emails or text messages, so that the recipients enter personal information into fake websites or phone systems posing as real ones. And the reality is these phishing scams have gotten more and more sophisticated. 


Know the red flags

Emails or communications with a bunch of typos or grammatical mistakes, or that come from a weird-looking address, should raise some suspicion. Scare tactics or “better act now” types of messaging are usually a red flag. As a general rule, don’t open or click links in emails or texts with these characteristics. 


Some common themes phishing emails use:

  • Notices of account activity or issues with your account that require your immediate attention
  • Links that mention you need to “log in” to confirm something, receive something, or cancel something
  • Free items and services or too-good-to-be-true discounts


Think twice before clicking or downloading

If an email or text is coming from a source you don’t recognize, it’s best not to interact with anything it contains. That means no clicking links, no downloading files and no opening attachments. Generally, you should only open email attachments if you are expecting them and know what information they will contain.


Protect sensitive information

You should never give out any sensitive information like your full bank details, username, password, payment card information or identification number over email, phone or text message. Be skeptical any time you’re asked to do this, as reputable sources will have you go through a secure portal. If you are asked to verify details over the phone, make sure you are the one who initiated the call.


How to verify a website

Before you enter any sensitive information into any website form — be it your password, card information or bank details — make sure it’s a trusted, verified site. When in doubt about a Square link, contact us for confirmation that the link is secure, or open a new browser and go directly to www.squareup.com/login


Use different passwords for different accounts

Strong passwords are important, but as iron-clad as your logins may be, you shouldn’t be using the same password for all email, bank, business, and other accounts. And it’s a good habit to change your passwords every so often as well.


Enable two-factor authentication

Two-factor authentication is a security process that requires two methods of verification to log in to your account. Many web services and apps — like your Square Dashboard — will send a text message with an additional code that you need to log in. While this adds an extra step to signing in, it also adds an extra layer of security and can help protect you against unwanted activity on your accounts.


Find the steps to enable two-factor authentication on your Square account in our Support Center. You can set up two-factor authentication not just for yourself but also for members on your team.


If something seems fishy

If you suspect you may have been the target of a phishing scam, check your email logs to see if there have been any strange logins to your account and log out all active sessions. Go through your bank account statements to make sure there is no unusual activity and all your transfers are going to the correct account.


How to recognize a call or email from Square

If you believe you called a fraudulent number for Square, or if you receive a suspicious phone call, do not provide any personal or account information and end the call immediately. You can contact our Support to verify by signing in to your account and visiting Square’s contact page.


If you have received a suspicious email regarding Square, don’t reply to the message, do not share any information, don't click any links or open any attachments. Please forward any suspicious emails to spoof@squareup.com to report the incident. Do not include any other information in the email you forward. The appropriate team will investigate and take action if needed.


Square will not ask for sensitive information in an email. We will always direct you to log in to your account or contact our Customer Success team.

If you think your information has been compromised due to a phishing scam, please change your email and Square account passwords immediately and report the incident to our Customer Success team.

Helen
Seller Community Manager
