The world is striving for more and more digitization. As it progresses, more and more threats appear. One of the most common threats is Phishing.

What is Phishing?
It is an attempt at phishing data by impersonating a person, company or institution. Here are some examples of how this type of scamming works:

• Phishing login data through a fake website - criminals make an identical copy of the website, but at a different internet address. Then they send mailing impersonating interested customers or the company itself with a request to log in / view a specific offer. In such cases, be vigilant. The easiest way to avoid this is to look at the address bar when logging in. If it is different than merkandi.com or another of the Merkandi domains, you should refrain from logging in. Please visit the Merkandi website and immediately report such a situation to our Customer Care. It is also worth noting that criminals often use different types of tricks to make the domain similar to the original one. Examples: Merkondi.com or merkandi.com.domainname.com. In the first case, we see a typo in the name, which is easy to overlook, while in the second, a subdomain that is identical to the domain, however, it is not the Merkandi domain.
• Phishing by e-mail - criminals send an e-mail from a company-like domain, asking for a login password, sending documents, etc. At the same time, they take care of the details by sending message templates and footers that our Customer Care agents actually use. Before responding to an e-mail requesting sensitive data, always check who the sender is - all our agents use only addresses in the merkandi domain - name@merkandi.domain.

These are just two examples of the most popular attacks. There are definitely more of them and each of them may have its own varieties, which depend only on the creativity and cunning of criminals.

Due to evolving threats, we decided to use a proactive solution in the form of a mandatory two-factor account login. When you try to log in, after entering your login and password, you will be asked for an activation code that will be sent to your email address. This way, even if you lose your login details, the criminal will not be able to login to your account.

Do I need it? There is nothing interesting on my account on Merkandi
Many people falsely think that criminals will not be interested in their account. This is not true for two reasons:

1. If you are a seller, your account may contain sensitive data such as customer and transaction data. This data can be used by the criminal to compose a further attack or blackmail. It should be remembered that the applicable provisions of the GDPR also impose on each entrepreneur securing this type of data in the best possible way.
2. Your account can be used to coordinate attacks on other people. The criminal from your account can send information and messages to your clients on your behalf. In this way he can, for example, publish offers and then ask interested parties to pay for the order on the account he has provided. Although it is not you who cheat people in this way, it loses the image of your company and may cause problems with the law, because until the matter is clarified you are the person who has extorted money from customers.

I am a victim of phishing, what should I do?
Report the matter to Merkandi customer service immediately, change the account password to Merkandi and make sure that no one has changed your email address in the account settings. If you use the password to log in to Merkandi also in other places - change it also in other places.

Important note
The two-factor login is an additional layer of security, which increases your safety, but it does not guarantee 100% security. It makes hacking your account with the stolen data much more difficult, but there are other phishing methods in which the confirmation code is also scammed, so you should still check the sites where you log in for possible phishing scams.

The Merkandi team is constantly working on the security of data and user accounts by introducing new functionalities.