Protecting your account from phishing
What is phishing?
Phishing is an attempt to gain account information or other personal information from someone through email, usually by impersonating a legitimate organization. Phishing emails will often contain links to fake web pages that look similar to a real service in order to trick you into entering your account information.
We've become aware of some phishing emails impersonating Trello. These emails may look innocent at first glance, but there are some ways that you can differentiate these scam emails from legitimate emails sent by Trello.
How to spot phishing
Ways to identify phishing and spoofing emails include:
- Links that appear to be Trello links but aren’t. If you hover over a link in a suspicious email, your browser or email client will most likely show you the destination URL. Don't click the link; just look closely at the URL. A URL of the form trello.fakewebsite.com takes you to a location on fakewebsite.com. Just because “trello” is part of the URL doesn't guarantee that it's an official Trello site.
- Emails that don't come from an @trello.com email address. All legitimate emails from Trello will come from an @trello.com email address. If the from address is the email address of someone you know, that person's email account may have been compromised — Trello does not send emails from our users' email addresses.
- Requests for personal information. Trello emails will never ask you to reply in an email with your password, credit card number, or any other personal information.
- Obvious typos and other errors. Be on the lookout for typos or grammatical errors, awkward writing, and poor design that doesn't match other emails from Trello. These are all common indicators of fraudulent emails and websites, although not every phishing email will have these obvious mistakes.
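The link and sender checks from the list above can be automated, for example in a mail-triage script. This is an added example, not Trello's own code. The function names, the choice to accept subdomains of trello.com, and every sample URL and address in the test are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "trello.com"  # the domain this page names as legitimate


def link_host(url):
    """Return the lowercase host a link really points at, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname drops any "user@" prefix and ":port" suffix, so
    # "https://trello.com@fakewebsite.com/" resolves to fakewebsite.com.
    host = parts.hostname
    return host.rstrip(".").lower() if host else None


def is_official_link(url, domain=OFFICIAL_DOMAIN):
    """True only if the host is the domain itself or one of its subdomains.

    Accepting subdomains is an assumption of this example. The comparison is
    anchored on the right-hand end of the host name, so "trello" appearing
    elsewhere in the URL (trello.fakewebsite.com) does not count.
    """
    host = link_host(url)
    if host is None:
        return False
    return host == domain or host.endswith("." + domain)


def is_official_sender(from_header, domain=OFFICIAL_DOMAIN):
    """True only if the address part of a From header is at the domain.

    The display name is ignored, because it can contain anything. The From
    header is set by the sender, so a match is a necessary check, not proof.
    """
    _display_name, addr = parseaddr(from_header)
    local, at, addr_domain = addr.rpartition("@")
    return bool(local and at) and addr_domain.lower() == domain
```
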
What to do if you receive a phishing email
Do not reply to the email or click on any links within the email.
Many email programs include an option to report an email as phishing or spam. Please use this method to report the suspicious email to your email provider. If you're not sure if an email is from Trello or not, send us a screenshot, and we'll be happy to look into it for you.
Sometimes phishing attempts can look very convincing. If you've already provided your Trello account information to a phishing scam, change your password as soon as possible by going to https://trello.com/forgot if you have a Trello account or https://id.atlassian.com/login/resetpassword if you use Trello with an Atlassian account. If you use the same password for any other services, you should change those as well.
If you have your credit card information stored in your Trello account and suspect that it may have been compromised, contact your issuing financial institution to check your account immediately.
For more information, see: What to do if your account is compromised
Known phishing attempts
July 18, 2016
We've become aware of a phishing attempt sending out emails claiming to share a document through Trello:
This is not a legitimate email. Trello does not have a feature called "Slides", and the link within this email does not go to an actual Trello page. These emails are being sent from compromised email accounts to that individual's email contacts, whether or not that individual has ever signed up for a Trello account.