Security Notices

At KashFlow, we’re dedicated to helping our customers with every aspect of running a small business, including keeping them safe.

Unfortunately, phishing emails and online scams are increasingly common. One of the most frequent scams is an email pretending to be from a large company, which is used to install malware or harvest details. As scammers remain persistent and scams grow more sophisticated, these emails become more realistic.

These emails are never sent from the company, and should be handled correctly. For tips on how to handle phishing attacks, please see our guide on How to Handle a Phishing Attack.

If you think you’ve received a phishing email or similar scam pretending to be from us, please report it to us and we’ll handle it immediately. Contact either support@kashflow.co.uk or support@kashflowpayroll.co.uk with the subject line: Phishing Alert.

Below are recent security threats our customers should be aware of.

11 September 2017

A phishing email was sent out using KashFlow’s brand, with a subject line that reads “RTI filing completed”. Other variations of this subject line may be in circulation.

This was not sent by us or any of our affiliates.

Notice the DNS address – this email came from payrollworkflow.com and not from KashFlow. This is one way scammers trick people into opening their emails and attachments.

If you have received this email, mark it as spam and delete it. Do not open any links or attachments as these may result in you downloading a malicious file.

The virus linked to this email is called Dridex. This is designed to harvest banking details from your device. If you have accidentally opened a link, you should contact your bank immediately.

See how KashFlow works with your business and your books