Skip to main content

Stay safe with Moss

Learn what we never ask, how we protect you, and how to reach us.

Anna Dziurosz avatar
Written by Anna Dziurosz
Updated over a month ago

Security is a shared responsibility — and knowing what not to trust is one of your best defenses. This page outlines three essential principles to help you and your team stay protected while using Moss.

What Moss Will Never Ask You

If you receive a message, call, or email claiming to be from Moss and it asks for any of the following, it’s fraudulent.

Moss will never:

  • Ask for your password, PIN or any authorisation code (e.g. one-time password (OTP))

  • Ask you for access to your device or to install remote access software (like AnyDesk or TeamViewer)

  • Ask you to communicate with Moss via WhatsApp or other similar messaging services.

  • Ask for your full card details (PAN, CVV, expiry date)

  • Ask you to make urgent transfers or payments outside of approved workflows

  • Contact you from free or unverified email domains

  • Pressure you to act urgently outside of the Moss platform

These are red flags. Stop immediately and verify the request through official channels.

How Moss Protects Your Data

Moss is built for financial control — and that includes safeguarding your data at every step.

We implement:

  • End-to-end encryption for all data in transit and at rest

  • Tokenization to protect sensitive card and payment data

  • Role-based access and approval workflows to control spend visibility

  • Continuous infrastructure monitoring with near-100% uptime

  • Certified compliance with SOC 2, ISO 27001, and GDPR standards

Every login, transaction, and user action is traceable — with built-in safeguards to detect anomalies early.

How to Contact Moss Safely

Always use one of the verified channels below to contact Moss. If anything feels off, stop and double-check.

Trusted contact points:

  • In-app support chat (fastest and most secure)

  • Your dedicated Moss Customer Success Manager (if assigned)

  • Emails from the @getmoss.com domain

    • Note: Email addresses can be spoofed. If something looks unusual — the tone, formatting, or urgency — do not click, but contact Moss directly.

  • Our official website:https://www.getmoss.com

Never trust:

  • Emails from Gmail, Yahoo, or personal domains claiming to be from Moss

  • Phone calls asking for card details, passwords, authorisation codes or remote access

  • Urgent instructions that bypass Moss workflows or approvals

Need to report something suspicious?

We take every report seriously and will investigate and follow up directly.

Related Articles
How to change your password
Forward receipts and invoices to Moss automatically in Gmail
Moss Security & Fraud Protection Hub
Recognizing common threats
Keeping your team secure with Moss
Did this answer your question?