Suspected Phishing
What is Phishing?
Phishing is a type of cyber attack where attackers impersonate legitimate organizations or individuals through email, text messages, phone calls, or websites to trick you into divulging sensitive information, such as login credentials, credit card numbers, or other personal data. The messages often look authentic and may urge you to take immediate action, such as clicking a link or downloading an attachment.
How Can You Tell if You’ve Received a Phishing or Smishing Contact?
- Phishing: Suspicious emails pretending to be from trusted sources, often containing:
  - Unusual or generic greetings (e.g., "Dear customer")
  - Spelling and grammatical errors
  - Requests for sensitive information
  - Suspicious links or attachments
  - Mismatched sender email addresses (e.g., klaviyo-support@gmail.com instead of official @klaviyo.com)
- Smishing: The same attack, but via SMS/text message. Signs include:
  - Texts from unfamiliar numbers asking for personal info
  - Links to login pages or requests to reset passwords
  - Pressure to act quickly (“Your account will be locked”)
Hover over links (don’t click!) to preview URLs; genuine Klaviyo links should be from klaviyo.com or trusted subdomains.
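An added example (not Klaviyo's code) for an IT/security team triaging a reported message: it applies the sender-address and link checks above to raw email source, comparing the whole hostname instead of looking for "klaviyo.com" anywhere in the URL. The function names, the sample message, and the rule that every klaviyo.com subdomain is trusted are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "klaviyo.com"  # official domain named on this page

def in_trusted_domain(host):
    """True only for klaviyo.com itself or a subdomain of it (assumption:
    every subdomain counts as trusted; narrow to an allow-list if needed)."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def link_hosts(msg):
    """Yield the real hostname of every http(s) URL in the text parts."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", text):
            try:
                # .hostname drops any "user@" prefix and the port
                yield urlsplit(url).hostname or ""
            except ValueError:
                yield ""  # unparsable URL: treat as untrusted

def triage(raw_email):
    """Return a list of findings for a message claiming to be from Klaviyo."""
    msg = message_from_string(raw_email)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_trusted_domain(sender_domain):
        findings.append(f"sender domain not official: {sender_domain}")
    for host in link_hosts(msg):
        if not in_trusted_domain(host):
            findings.append(f"link leaves {TRUSTED_DOMAIN}: {host}")
    return findings

# Constructed sample message (not a real email)
SAMPLE = """\
From: Klaviyo Support <klaviyo-support@gmail.com>
Subject: Your account will be locked
Content-Type: text/plain; charset="utf-8"

Reset now: https://www.klaviyo.com.account-verify.example/reset
Or sign in at https://klaviyo.com@login.example/ or https://www.klaviyo.com/help
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A From address that passes this check can still be forged, which is why a report should include the full email headers.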
What to Do if You Think You’ve Received a Phishing Email Impersonating Klaviyo?
This is an email that pretends to come from Klaviyo or one of our employees. It might ask you to give information about your account or to take some action.
- Do NOT click any links or download attachments.
- Verify the content: Go directly to the official Klaviyo website by typing `www.klaviyo.com` in your browser, not by using links in the suspicious email.
- Report: Forward the suspicious email to your IT/security team or to abuse@klaviyo.com for further investigation.
  - Make sure to include email headers and/or the email source code.
    - Email headers for a Gmail account: https://support.google.com/mail/answer/29436?hl=en
    - Email headers for a Microsoft/Outlook account: https://support.microsoft.com/en-us/office/view-internet-message-headers-in-outlook-cd039382-dc6e-4264-ac74-c048563d212c
- Delete the suspicious email after reporting.
What to Do if You Think You’ve Received a Phishing Email From Klaviyo?
This is an email sent from the Klaviyo platform that is malicious in nature, for example a scam or other malicious content.
- Do NOT respond to the email or provide any requested information.
- Check the sender’s email address: Official correspondence will come from addresses ending in @klaviyo.com.
- Contact Klaviyo support: Reach out via the official Klaviyo support link to verify the legitimacy of the message.
- Forward the email to abuse@klaviyo.com, stating your suspicion.
  - Make sure to include email headers and/or the email source code.
    - Email headers for a Gmail account: https://support.google.com/mail/answer/29436?hl=en
    - Email headers for a Microsoft/Outlook account: https://support.microsoft.com/en-us/office/view-internet-message-headers-in-outlook-cd039382-dc6e-4264-ac74-c048563d212c
- Delete the message once reported to avoid accidentally clicking it later.
How to Protect Yourself from Being Phished?
- Always verify sender addresses before opening links or attachments.
- Enable Multi-Factor Authentication (MFA) on your Klaviyo account and on the email account used to access Klaviyo.
- Never disclose credentials (password or one-time code) or sensitive information via email or mobile messaging platforms.
- Keep software and security patches up to date, and follow guidance from your IT department if you have one.
- Be wary of urgent requests or threats demanding quick action.
- Educate yourself and your team on phishing tactics by staying informed about current scams.