Manage your business finances with Wave—it's free.
Send invoices, get paid, track expenses, pay your team, and balance your books with our free financial management software.Get started
Phishing scams: Don’t get hooked
Wave is growing fast, and growth is a good thing for us and our customers. But it also means we’re becoming a bigger target for fraudulent organizations to try and take advantage of. Phishing, online fraud, and other impersonation attempts are ongoing issues that require you to remain vigilant.
Although we can’t control what others do, we want to make sure that we're helping to keep you safe. If and when you do receive a suspicious email, there are a few things you can look out for to protect yourself against a phishing scam.
How can I figure out if it’s a phishing email?
1. Email send domain
One of the simplest ways to check if an email is legitimate is to see the signed-by domain it’s sent from. All our emails are signed by waveapps.com—any other domain here means that email isn’t from Wave.
2. Website URL
Frequently, scammers will use a URL that is close to the website that they’re trying to impersonate in order to trick a user into entering login details. If you’re visiting a website and entering your email address and password to log in, make sure to double-check the URL—look for extra letters or misspelled names to make sure you’re on the page that you meant to visit.
3. The lock icon
Our website is fully secure and your browser will display a lock icon when you visit waveapps.com. Always check for this icon to ensure your information is private and secure.
I’m worried I’ve been scammed. How can I fix it?
If you’re worried you’ve been affected by any phishing email, there are two important things you can do right away to help secure your account.
1. Rotate that password
If you ever feel that your account information may have been compromised, please follow these steps to reset your password: Reset your password. If you use the buttons below to sign up or sign in to Wave, that’s good—it means you’re protected by the powers of Google or Yahoo!
Note: If you think you might have exposed your Google or Yahoo! Password by submitting them to a bad page, please follow their respective password reset procedures.
2. Scan your systems
Sometimes phishing campaigns pose a double threat: Not only do they try to steal your login credentials, but they might also try to infect your device with malware. If you click a link in an email and it takes you somewhere you don’t trust, you should run a full scan of your system. If you don’t have any anti-malware protection, there are some great anti-malware tools out there—some paid, some free. Once you download one, it’s very important that you make sure it’s up to date before you run a scan.
I sincerely hope you never have to deal with a phishing email, but if you’ve read this far, you might have already dealt with one. Be proactive—prevention is infinitely less painful than correction. We hope this information helps!