Phishing Waveapps Emails ?
Unies
Member Posts: 1
Been receiving waveapps emails asking to login to keep using the service even though I've been using it monthly. The links redirects to http://email03.waveapps.io/c/ and my AV blocked it as suspicious site: This web site has been reported as suspicious. We recommend that you do not visit this web site.
0
Comments
Hi, @Unies.
Following Canadian Anti-Spam Legislation (CASL), Wave only has permission to send automated emails for a certain period if your account is inactive. The whole legislation is a little more complicated than that and has other points, but this is why we send out emails to inactive accounts after a certain time.
If this is the email I believe it is (you can send me a screenshot of it via private message to confirm), this just means that your account was inactive for a little too long. I did a bit of digging and noticed that there were two accounts using the name of your business. Was that email sent to a different email than the one attached to your main Wave account? It's fairly common that Wave users create a secondary account by accident while trying to log in with the wrong email address.
Let me know if that clears things up.
I would like to report abuse.
I'm concerned because one of my customers received a bogus fishing invoice
from a different waveapps user. I'm concerned there may be a breach in WaveApps security. I'm not sure it's just a coincidence that the sender of the fishing email got my clients email a different source.
Hi @volkswagner . I do want to ensure you that we take security very seriously at Wave. I see that you've been in touch with our support agent through ticket which I'm happy to hear. If you have any further questions, please reach out to the agent directly as they should be able to help.
The same happened to me this was the text from the email:
Hello,
Take a look at this and see if everything is up to code. Let me know if there’s anything wrong.
ATTACHMENT DOCUMENT
Thank you
ok, just a reminder, I did not get any email from you about that password you mentioned on the phone call.
Please forward it so I can find some info possibly.
Thank you in advance,
Hey there @Eric_Douglas
My apologies that you were involved by an outside phishing scam. For future matters, if any company reaches out asking you for your password, you should never give it up! A password does not belong in the hands of a tech company even if they need to access your account for technical support.
We at wave never ask you for your password so this most definitely does not look like it's from us.
I suppose one of my primary concerns is that they want you to log in with your wave account!
You're lucky that you didn't try the free trial. I am desperate for this functionality so I gave it a shot and I am very sorry I did.
Within about 30 minutes, I realized that the software is practically unusable unless you have only a few items/services.
I was able to delete my TIDL account but there's no way to "disconnect" it from my Wave account. I have Wave support telling me that it's through Zapier but I didn't have a Zapier account so I opened one only to find there is no Zap for it.
What's scary is that the Wave support people don't even know how to disconnect it!