Skip to main content
All CollectionsTidyHQ Support
Identifying and Protecting Yourself from TidyHQ Phishing Attempts
Identifying and Protecting Yourself from TidyHQ Phishing Attempts

Phishing scams are on the rise and Tidy is not immune from them. Please be alert and aware.

Updated over a year ago

Every now and then, an individual or group might attempt to impersonate TidyHQ in order to gain access to your personal information. This could include passwords, secret codes, or other sensitive data, so it's crucial to know how to identify and outsmart these so-called "phishing" attempts.

To help you understand, let's imagine someone comes up to you and pretends they're your best friend. They ask you for some personal information. Because they look and sound like your friend, you may not immediately realise it's an impersonator. In other words, they're "phishing" for information.

"And how do I avoid these impersonators?" we hear you ask. Well, we have a few handy pointers to help you stay safe:

Check the Email is Genuine: A legit TidyHQ email always comes from an "@tidyhq.com" address. If it doesn't, it's a surefire signal something fishy is going on. We have recently seen AI tooling do a better job of ghosting our domain so they may at times outsmart this domain check.

Check for Errors: Phishing emails often contain spelling or grammar errors. We try our very best to keep our communication polished and mistake-free.

Review the Salutation: We know your name, and we use it. If you see something vague like "Dear User" or "Dear Customer," be cautious.

Beware of Unusual Requests: If an email is asking for your password, it's not from us. We'll never ask for this information.

Do Not Open Unknown Attachments: If you receive an unexpected email attachment from the blue - be careful. It might not be what it seems!

Okay, you spot a fishy email. What's next? Just follow these steps:

Report to us: Simply forward the phishing email to our support email support@tidyhq.com

Don't Click Anything: It's best not to click any links or download any attachments in the suspicious email.

Update Passwords: If in doubt, change your passwords straight away.

Do not publish your committee contact information on the website, use a form. Scammers often scrape sites to glean contact information, role names and emails to leverage them in creative ways. To prevent this we strongly advise that you don't make this information public on Tidy or anywhere else.

Our priority is to keep your TidyHQ experience smooth, secure, and enjoyable - after all, you're part of our community!

Stay safe, folks!

The TidyHQ Team

Some examples:

Did this answer your question?