Help me, is this legit?

Have a good look at this screenshot of an email in my inbox.

When looking over the email you probably noticed the Sage logo in the footer, the standardised and professional layout used and the nice and clear button to settle this invoice. As a business email, it looks pretty decent. All the trust signals are there and you have to live under a rock to have not heard of Sage, right?

Now, let’s take a moment to consider your older or more vulnerable clients and family members. Would they trust this email? Does it look overly spammy? Yes, they probably would think the email is genuine.

This email is actually a brilliant case for why we built Filehaven. This email is a top class phishing attempt; it’s totally faked. They’ve perfectly imitated the layouts used by Sage’s accounting tools and direct people to their own faked payment screens to take a card payment.

And here lies the problem. How difficult would it be to swap “A & L Electrical Solutions Limited” to your company’s name? I can assure you it’ll take seconds to do.

It’s very, very easy to dupe people on email, and statistics show it’s a very lucrative business for scammers and hackers. You have to ask yourself:

Why are we still using email for our day-to-day communications with clients?

There’s a plethora of tools out there that market themselves on being a secure provider of business email. Tools like Beyond Encryption and StayPrivate but behind the scenes, they’re still using email. Sure, they might add steps in between to “authenticate” who you are, but even that’s pretty easy to fake too.

With Filehaven we’ve built (what I believe to be) a decent alternative that’s lightweight and fast to use with your clients. We don’t hold buckets and buckets of data on your clients; just a name and email. That’s it.

Communication through Filehaven is encrypted beyond bank-level encryption. We use AES256 encryption which is used by governments around the world for encrypting top secret classified information. According to Wikipedia, many financial institutions still use 128bit encryption as opposed to the 256bit encryption found in Filehaven.

Couple that with our 2-factor-authentication (2FA) you and your clients can doubly lock-down access to their account to ensure that no-one else can access their data. A hacker would need to have not only the username and password to an account on Filehaven, but also their device in order to login.

🤔Does your email app or account use 2FA?

Why does this matter to me? 🤷‍♂️

The Financial Ombudsman Service fined a mortgage broker £20k + interest after one of their clients received an email, just like the one above and paid the invoice.

The FOS concluded that the broker didn’t have suitable safeguards in place to ensure that their email account was kept secure. You can read all about it here: to a PDF).

We know Filehaven isn’t for everyone, but it’s highly suitable for the majority of businesses out there and starting at £15 a month + VAT, we would like to think it’s a no-brainer system to protect you (from unwanted fines ) and your clients from dubious email scams in your name.

You can sign up to a free 7 day trial (with no card details required) over at or get in touch to arrange a personalised demo.