Wave has unfortunately become the target of a recent phishing campaign. Some of our customers have alerted us to a fraudster advertising a phone number online, claiming it belongs to Wave. The customers let us know that when they called the number, the person who answered the call requested a Teamviewer session in an attempt to gain control over their computer.

Wave does not have a published phone number, and we will never ask for access to your computer.

Wave is growing fast, and growth is a good thing for us and our customers. But it also means we’re becoming a target for the fraudsters that target companies with a large online customer base—especially if those companies handle money. We’re being targeted because we have a lot of customers and we move a lot of money every day. Success can be a double-edged sword, and it can have a ripple effect that sometimes affects our customers.

Sadly, we have also received reports of some phishing emails being sent to Wave customers. We can’t control what others do, but it’s important to us that we do all that we can to help keep you safe. So, we’re sharing some anti-phishing tips to help you avoid getting caught in a scam:

How can I figure out if it’s a phishing email?

If you receive a suspicious email that looks like it might be from Wave, do not click the “Get Started” link in the email. (Check the next section for instructions if you’ve already done this.)

  • Do not reply to the email. This can flag your email address as an active target for scammers.
  • Do not enter your credentials into websites without first ensuring you’re in the right place. Make sure you are at the right URL and you see the lock next to the address:

alt alt

  • Check the sender! If the email says it’s from Brian, but the email address doesn’t look like mine, that’s a very strong indication that the email is bogus. Even if you recognize the address, it doesn’t guarantee that the email is safe. And if you don’t recognize the address at all, that is a huge red flag. Proceed with caution.

I’m worried I’ve been scammed. How can I fix it?

If you’re worried you’ve been affected by any phishing email, there are two important things you can do right away to help secure your account.

  1. Rotate that password
    If you ever feel that your account information may have been compromised, please follow these steps to reset your password: Reset your password. If you use the buttons below to sign up or sign in to Wave, that’s good—it means you’re protected by the powers of Google or Yahoo! alt
    Note: If you think you might have exposed your Google or Yahoo! Password by submitting them to a bad page, please follow their respective password reset procedures.

  2. Scan your systems
    Sometimes phishing campaigns pose a double threat: Not only do they try to steal your login credentials, but they might also try to infect your device with malware. If you click a link in an email and it takes you somewhere you don’t trust, you should run a full scan of your system. If you don’t have any anti-malware protection, there are some great anti-malware tools out there—some paid, some free. Once you download one, it’s very important that you make sure it’s up to date before you run a scan.

Note from Brian, Wave’s Information Security Officer: I’m not affiliated with this product in any way, but I would personally recommend grabbing a copy of MalwareBytes. Install it, run the updates, then run a full scan of your system. Download MalwareBytes from the product website.

I sincerely hope you never have to deal with a phishing email, but if you’ve read this far, you might have already dealt with one. Be proactive—prevention is infinitely less painful than correction. We hope this information helps!