Phishing scams – don't take the bait

by Ignacio Martinez

As more and more of our daily lives take place online, it’s only natural that we’ve become more accustomed to sharing personal, sensitive, information online. Email communication is a constant part of our daily communication – and unfortunately is also a common tool used by hackers to attempt to gain access to your sensitive information in a scheme known as phishing.

Smartsheet will never email you to request sensitive data, such as passwords, credit card details, and social security numbers. As you head into a new year resolute with new intentions, we’d like you to add a renewed commitment to online security to your list. Here’s some helpful information about phishing – and how to keep yourself safe.

What is phishing and how to spot it

Phishing is a scheme that uses fraudulent email messages, designed to impersonate a legitimate organization or person. These messages are designed to trick the recipient into downloading harmful attachments or divulging sensitive information such as passwords, bank account numbers, and Social Security numbers. Over 90% of data breaches today can be traced back to a phishing attack.

The bad actors creating these fraudulent email messages work meticulously to create very convincing looking emails from many different companies, and no company is exempt from their malicious activities. Though 1.4 million new phishing websites are created each month, there are some commonalities you can look for that indicate malicious activity:

  • Communications or forms requesting sensitive data, like passwords or bank account information
  • Language or imagery that creates a sense of urgency
  • Information that evokes strong emotions, like greed or fear
  • Messages that contain links or language that do not appear to match legitimate resources for the organization contacting you

At Smartsheet, our top priority is to protect customer data with a rigorous combination of infrastructure and processes.

Our security team works continuously to evolve our automated detection and prevention processes. It’s an ongoing challenge since bad actors are themselves continuously evolving their tactics.

When we at Smartsheet are alerted to suspected phishing attacks, we act immediately to alert the proper authorities.

What to do if you suspect malicious activity


A man sees a data breach alert on his computer

Now that you know what indicators to look out for, the next step is taking action when you receive a suspicious communication that appears to be from Smartsheet. Smartsheet has a strict, zero-tolerance policy against phishing scams, and we take reports of such activity seriously.

If you suspect that you are receiving malicious communication that appears to be coming from Smartsheet, your first instinct may be to either ignore or delete suspicious emails. Please do not delete the mail; instead, report it to our security team. We will examine your report and, if necessary, advise you of any further steps that may need to be taken.

To report a suspected phishing scam, please forward the email in question as an attachment to And keep an eye out for more updates from our security team in the near future, as we are taking steps to make this process even easier.

For more on our approach to protecting your data, please see the Smartsheet privacy policy.

Subscribe to the Smartsheet IT Newsletter for tips, strategies, and ideas focused on helping IT professionals increase their impact on their business.