Safety & Security·6 min read·Updated 1 April 2026

Phishing & Fraud Awareness

Q: I received an email from billing@askbiz.co but I'm not sure it's real. How do I verify?

Log in to askbiz.co directly (type it in your browser — do not use any link from the email). Go to /billing → Billing History. If the invoice or charge shown in the email matches what you see in your account, it was genuine. If it doesn't appear in your account, forward the email to security@askbiz.co.

Q: Someone called me claiming to be from AskBiz support. Is that normal?

AskBiz does not make unsolicited outbound phone calls. If you receive an unsolicited call claiming to be from AskBiz, hang up and email support@askbiz.co to verify. We do make scheduled calls if you have booked a support session — but we would not call without prior arrangement.

Q: I accidentally entered my password on a fake site. What do I do?

Act immediately: change your AskBiz password, revoke all sessions, delete all API keys, and email security@askbiz.co. If you used the same password on other services, change those too. Enable 2FA if you have not already.

How to recognise phishing emails, fake AskBiz websites, and social engineering attempts targeting your business account. Real examples and what to do if you're targeted.

What Is Phishing?

Phishing is when an attacker impersonates a trusted company — in this case, AskBiz — to trick you into revealing your login credentials, financial details, or granting access to your account. Business accounts are a high-value target because they connect to revenue data, payment platforms, and supplier information.

Phishing attacks targeting SaaS business tools are increasingly sophisticated. They do not look like the obvious scam emails of ten years ago — modern phishing emails are well-written, correctly branded, and often reference real details about your account or business.

How to Recognise a Phishing Email Claiming to Be From AskBiz

Check these things before clicking any link in an email that claims to be from AskBiz:

Sender address: All genuine AskBiz emails come from @askbiz.co addresses only. Specifically:

hello@askbiz.co — general communications
billing@askbiz.co — invoices and payment receipts
security@askbiz.co — security alerts
support@askbiz.co — support responses
noreply@askbiz.co — automated notifications

Phishing emails often use addresses like askbiz@gmail.com, billing@askbiz-support.com, or askbiz.co@someotherdomain.com. Check the full address, not just the display name — a phishing email can display the name as AskBiz while the actual sending address is something else entirely.

Links: Hover over (do not click) any link before clicking. The URL should start with https://askbiz.co/ — not https://askbiz.support-login.com or similar. Never enter your password on any page that is not at askbiz.co.

Urgency and threats: Legitimate AskBiz emails do not threaten immediate account suspension, demand payment within hours, or claim your account will be deleted unless you act now. If an email creates high urgency around account access or payment, treat it with suspicion.

Attachments: AskBiz will only send PDF invoice attachments from billing@askbiz.co. We do not send executable files, ZIP files, or Word documents. Do not open unexpected attachments.

Common Phishing Scenarios Targeting Business Users

Be aware of these specific scenarios:

Fake invoice or payment failure: An email claiming your AskBiz payment failed or an invoice is attached, asking you to click a link to update payment details. Verify by logging in directly to askbiz.co — never via a link in the email.

Fake security alert: An email claiming suspicious activity on your account, with a link to verify or reset your password. If you receive this, go directly to askbiz.co and log in yourself — do not use the link.

Fake upgrade offer: An email offering a special discount or free upgrade, asking you to click and enter card details. AskBiz promotions are managed entirely within the app at /billing — we do not collect card details via email links.

Impersonation via phone or message: Someone claiming to be AskBiz support, asking for your password, 2FA code, or remote access to your device. AskBiz support staff will never ask for your password or 2FA code by any channel.

Connected platform spoofing: A fake Shopify or Amazon notification claiming there is a problem with your AskBiz integration, asking you to re-authenticate. Always go directly to the platform URL — never via a link in an unexpected email.

What AskBiz Will Never Ask You

Regardless of the context or urgency, AskBiz staff will never:

Ask for your password
Ask for your 2FA code or backup codes
Ask for remote access to your computer
Ask for your full payment card number
Ask you to transfer money to verify your account
Ask you to install software to resolve a support issue
Contact you via WhatsApp, Telegram, or personal social media to resolve account issues

If anyone claiming to be from AskBiz asks for any of the above, end the conversation and contact support@askbiz.co directly to report it.

Protecting Your Business from Business Email Compromise (BEC)

Business Email Compromise (BEC) is a specific attack where fraudsters impersonate a supplier, partner, or colleague to divert payments or extract sensitive financial information. As a business founder using AskBiz, you are a target for BEC because your account signals that you manage significant revenue.

Practical defences:

Verify payment changes by phone — if a supplier emails to say their bank details have changed, always call them on a number you already have to confirm before making any payment
Be sceptical of urgent payment requests — a supplier or colleague asking you to make an urgent payment outside normal processes is a red flag
Check email addresses carefully — BEC attackers use look-alike domains (e.g. supplier-name.co vs supplier-name.com)
Use two-person authorisation for large payments — never let a single email trigger a large transfer without a second approval

What to Do If You Receive a Suspicious Email

1. Do not click any links — not even to 'unsubscribe'

2. Do not reply to the suspicious email

3. Forward it to security@askbiz.co — we investigate all reports and can confirm whether it was genuine

4. Report it to your email provider — use the Report Phishing or Spam function in Gmail, Outlook, or Apple Mail

5. Report it to the NCSC (UK) — forward suspicious emails to report@phishing.gov.uk. The National Cyber Security Centre investigates these.

6. If you already clicked a link or entered credentials: change your AskBiz password immediately, revoke all sessions, and contact security@askbiz.co

Frequently Asked Questions

I received an email from billing@askbiz.co but I'm not sure it's real. How do I verify?

Someone called me claiming to be from AskBiz support. Is that normal?

I accidentally entered my password on a fake site. What do I do?

Was this article helpful?

👍 Yes 👎 No

Still stuck? Email our support team.