Cybercriminals are constantly finding new ways to trick people into giving up sensitive information. These scams often target small businesses and their customers by pretending to be trusted companies, like Vagaro, banks, or payment providers. Knowing the warning signs of phishing, vishing, and social engineering can help you protect your business. Some examples we've seen include:
-
Someone claiming ot be a Vagaro representative.
-
Someone offering to feature your business on Vagaro's main page.
-
Someone offering a promotion to advertise your business and increase your customers.
-
Someone stating that Vagaro charges 30% for all new clients who book online and offering a one-time fee to waive this charge.
Clicking even one link can compromise your account. A single click or an opened attachment can install malware that gives criminals access to your computer or device, where they can:
-
Lock you out with ransomware until a fee is paid.
-
Allow attackers to spread deeper into your company's servers or cloud storage.
-
Steal confidential business information and customer data.
-
Damage your business's reputation.
These scams can look convincing, but knowing the warning signs of phishing, vishing, and other social engineering tactics will help keep your business safe.
Phishing happens when scammers send fraudulent emails or text messages that look like they’re from a trusted source. These messages often:
-
Ask you to click on a link to "verify" account details.
-
Urge you to log in to fix an account issue.
-
Include attachments that may install malware.
If you receive an email that looks like it’s from Vagaro but asks for personal information or payment outside of the system, don’t respond. Instead, report it to support@vagaro.com.
Vishing, or “voice phishing,” is when criminals use phone calls or voicemails to pose as trusted companies or even government agencies. They may:
-
Claim there's a problem with your account or payment.
-
Pretend to be Vagaro.
-
Pressure you to act quickly, such as transferring funds or providing login details.
Tip
Vagaro will never call you to ask for your password, two-factor authentication code, credit card number, or bank account details. If you receive a suspicious call, hang up and contact us directly through the official support channels in your Vagaro account.
All promotional announcements Vagaro sends can be found on the Vagaro software itself or from an email ending with @vagaro.com, like admin@vagaro.com or support@vagaro.com.
Social engineering refers to any tactic where criminals manipulate human trust instead of hacking technology. This includes phishing and vishing, but can also involve:
-
Pretexting: Creating a fake scenario to gain your trust (for example, pretending to be from your business).
-
Baiting: Offering something enticing (like “free software”) to trick you into downloading malware.
-
Tailgating: Trying to physically enter a restricted area by following an employee.
Scammers succeed by creating urgency, authority, or fear. For example, they might say, “Your account will be suspended unless you act now.” Recognizing these red flags is the best defense.
When fraudulent communication happens in the workplace through an email that appears to come from a colleague, client, vendor, or other trusted source, it’s known as Business Email Compromise (BEC). In some cases, the attacker may have gained access to a legitimate email account that’s been compromised, making the message look even more convincing. While the impact of BEC can feel overwhelming, there are steps you can take to protect your business, your customers, and your employees:
-
Verify payment or data requests with a phone call to a known contact.
-
Avoid clicking on links or attachments from untrusted sources.
-
Educate employees to report suspicious emails.
-
Use strong passwords and multi-factor authentication on all email accounts.
-
Regularly review your email account settings for unauthorized forwarding rules.
If you believe you’ve received a phishing email, a vishing call, or another type of social engineering attempt:
-
Do not respond, click links, or download attachments.
-
Forward suspicious emails to support@vagaro.com.
-
Report vishing calls by noting the caller ID and details, then contact Vagaro Support directly.
-
US: (925) 464-1932 ext. 2
-
UK: 020 3876 9138 ext. 2
-
Australia: (02) 8319 9138 ext 2
-
Canada: 778 897 2477
-
-
Alert your bank or credit card provider if you may have shared financial information.
-
Set up a safe IP address at your business.
Comments
3 comments
We have been receiving texts to confirm a log in for several of our accounts, even though we have not been logging in. These come every Sunday for the past few weeks. We changed our emails and that stopped it for a week then it started up again under the new emails.
We received multiple calls saying they were from Vagaro claiming that we had complaints that our on-line booking was not working. We checked it out and it was working fine. The person on the phone asked for our e-mail address to verify that it was us and I told him if he was from Varago then he should already know our email address. He promptly hung up.
That's great due diligence! You are correct, Vagaro would know that information.
Thanks, Jamie
Please sign in to leave a comment.