How to identify and report phishing emails pretending to be from Flodesk

If you receive an email that looks like it's from Flodesk but asks for your login details or directs you to a suspicious link, it may be a phishing attempt. These attacks aren't unique to Flodesk and can target users across many platforms.

This guide explains how to spot a phishing email, verify whether a message is really from Flodesk, and what to do to keep your account safe.

A phishing email is a fraudulent message that impersonates a trusted company, like Flodesk, to steal your password or personal information. They're often convincing, so knowing what to look for makes a big difference.

Phishing emails typically:

• Imitate trusted brands like Flodesk

• Send you to fake login pages designed to steal your credentials

• Use publicly collected email addresses to reach as many people as possible

Watch for these warning signs:

• Password requests — Flodesk will never ask for your password via email. Ever.

• Suspicious links — Links may appear legitimate but redirect to fake websites. Always hover before you click.

• Urgency or pressure — Messages that rush you to act right away are a red flag.

• Unusual sender addresses — Legitimate Flodesk emails come from official Flodesk domains, not Gmail or unfamiliar addresses.

Before clicking anything, take a moment to check:

1. The URL in your browser When logging in, your address bar should show one of these:

• https://flodesk.com

• https://app.flodesk.com/sign-in

If the domain looks different in any way, don't enter your credentials.

2. The sender's email address Legitimate Flodesk emails always come from an official Flodesk domain. If the sender address looks off or unrelated to Flodesk, treat it with caution.

3. Where links actually go Hover over any link before clicking it. If the destination URL looks unfamiliar or unrelated to Flodesk, don't open it.

If something feels off, don't engage with the email. 

1. Don't click any links or buttons

2. Don't enter your login details anywhere

3. Report the email as phishing in your inbox (Gmail, Outlook, and most providers have this option)

4. Forward the email to abuse@flodesk.com — this helps us investigate and take down malicious sites quickly

Act quickly — the sooner you do this, the better:

1. Reset your Flodesk password immediately

2. Log out of all active sessions if you're able to

3. Contact us at abuse@flodesk.com so our team can help

4. Monitor your account for any unusual activity

We take your account security seriously. Here's what we do on our end:

• Actively investigate and take down phishing websites

• Monitor for suspicious login activity

• Proactively force password resets or sign-outs when needed to protect your account

A few simple habits go a long way:

• Type flodesk.com directly into your browser instead of clicking email links

• Never share your password with anyone — including us

• Be cautious of emails asking you to "verify" or "confirm" your account

• Use a strong, unique password for your Flodesk account

Does Flodesk ever ask for my password by email?
No. We will never ask for your password via email.

What should I do if I get a suspicious email?
Don't click anything. Report it as phishing in your inbox and forward it to abuse@flodesk.com.

How can I tell if a login page is fake?
Check the URL. Only enter your details on https://flodesk.com or https://app.flodesk.com/sign-in. If it looks any different, close the tab.

What happens if my account is compromised?
Reset your password immediately and contact abuse@flodesk.com. Our team may walk you through additional steps to fully secure your account.

Are these attacks specific to Flodesk?
No. Phishing attacks target users of all kinds of platforms and services — you're not alone.