At Alohi, safeguarding your trust and ensuring the security of our services is our highest priority. We take all reports of suspicious activity seriously and encourage you to share any security concerns you may encounter. Acting quickly allows us to investigate thoroughly and maintain a safe environment for everyone.
Alohi Authorized Communication Channels:
Authorized domains: www.alohi.com, www.sign.plus, www.fax.plus, www.scan.plus.
Authorized emails: @alohi.com, @sign.plus, @fax.plus, @scan.plus.
Everything from Alohi—whether it’s a product, service, or communication—will always originate from one of our authorized domains or email addresses. If you receive messages claiming to be from Alohi but originating from any other domains (especially those with subtle misspellings or extra characters), treat them as suspicious report them immediately by sending an email to security@alohi.com or clicking the button below..
Immediate security reporting: What to do first?
When you notice suspicious activity or potential threats, acting without delay is essential. By following the steps below, you help to ensure our security team can investigate promptly and maintain a protected environment for everyone.
Which suspicious activity matches your situation?
- I received a suspicious email claiming to be from an Alohi authorized domain.
- I noticed a website or domain impersonating an Alohi authorized domain.
- I encountered a suspicious document that appears to come from Sign.Plus.
- I suspect an Alohi user is engaging in fraud or illegal activity.
- I suspect someone is using Fax.Plus to commit fraud or illegal activity.
- I have a security concern that isn’t covered in the scenarios above.
What are the immediate steps to take?
When you notice suspicious behavior, potential threats, or any type of questionable activity, it’s critical to take action without delay. For any potential threats, make sure to take the following immediate steps:
- Send an email to security@alohi.com immediately so our team can investigate and respond appropriately. Make sure to use "security incident reporting" as the subject of the email.
- Note the date, time, and any relevant details about the incident. Gather screenshots, emails, or other supporting evidence.
- In addition to contacting our team at security@alohi.com, notify any individuals within your organization who may be affected or need to take preventive measures.
- Do not engage with suspicious emails, links, or communications. Refrain from clicking on unknown attachments or URLs until the issue has been investigated.
- Keep an eye on your inbox for any additional guidance from our team. If you discover new information related to the incident, send it promptly to security@alohi.com.
Acting quickly and providing detailed information can help us resolve incidents faster and prevent potential harm. If you have any questions or need further assistance, please reach out to us at any time.
What are the different types of security concerns?
Imitation of our brand
This involves deceptive emails, links, or websites that mimic our official communications but are actually created by third parties to trick you.
Guidelines for identifying imitation emails and websites
If you do not recognize the sender of an email, or you’re unsure about any link or attachment, avoid clicking on anything until you verify its legitimacy through one of our authorized channels.
Below are several common indicators of imitation emails and websites:
- Suspicious links: Always hover over a link before clicking. If it doesn’t clearly reflect our legitimate domain, it may lead to a spoofed site designed to harvest your data or infect your system.
- Sender email address: Impersonators frequently forge the “From” field. If the sender isn’t someone you recognize or if the domain is slightly misspelled, treat the message with caution.
- Attachments: Emails requesting your signature never include attachments. If you receive an attachment alongside a signature request, do not open or click it. We only include PDF attachments once a document is fully signed by all parties. Even then, verify that the file is a legitimate PDF. We never send HTML files or executables.
- Generic greetings or extreme urgency: Messages that start with “Dear Customer” or claim you must act immediately to prevent account closure often indicate phishing. Always verify the sender before responding.
- Deceptive URLs: Just because a URL looks similar to our domain doesn’t mean it’s legitimate. Also, check for https in the address bar—if it’s missing, your connection isn’t secure.
- Poor grammar or misspellings: Many imitation emails contain noticeable typographical errors or awkward language. While not all legitimate messages are perfect, this is often a red flag.
Improper use of our platform
This refers to genuine accounts that violate our Terms of Service—often by engaging in fraudulent activity, phishing, or requesting sensitive information under false pretenses.
What constitutes improper use?
- Fraudulent or illegal activity facilitated through an actual user account.
- Misrepresentation or requests for sensitive data (credit card info, passwords) under the guise of legitimacy.
- Scam offers, such as requests for money in exchange for “prizes” or “investment opportunities,” using a real account on our platform.
-
Fraudulent fax transmissions via Fax.Plus for deceptive or illegal purposes.
Overall, staying vigilant against imitation attempts and improper account use is essential to preserving a secure community. By promptly reporting suspicious emails, spoofed websites, or fraudulent activity, you help us address issues quickly and protect everyone involved. Thank you for partnering with us to maintain a safe and trustworthy environment.