Home / Security updates / Ramp Security Advisory: Ongoing Phishing Campaign Targeting Ramp Customers
Ramp Security Advisory: Ongoing Phishing Campaign Targeting Ramp Customers
Security updates detail rendered from /security-updates/upd_18b9468b51092111.
Overview
| ID | upd_18b9468b51092111 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Ramp |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_18b9468b51092111 |
| providerId | safebase |
| organizationId | org_c30a348498baad34 |
| trustCenterId | tc_23eba4927cf45a81 |
| title | Ramp Security Advisory: Ongoing Phishing Campaign Targeting Ramp Customers |
| message | **Summary** We are sending this security advisory to inform you of an ongoing phishing campaign targeting Ramp customers. This campaign seeks to trick users into providing their Ramp credentials, and in some cases Google account credentials, and multi-factor authentication (MFA) code by sending an email purporting to request that users review and acknowledge “Prohibited Activities guidelines” with a link to that redirects to a phishing site designed to obtain the user's Ramp credentials and/or Google account credentials. --- **About the phishing email** * **Subject line:** "Important: Service Guidelines Update" * **Links:** hxxp://url1799[.]sendwirepay[.]com/ls/click?upn=[string] * **Sender:** Display name: “The Ramp Team” and sender email is support[at]sendwirepay[.]com (Note: The MX record for the sender email address has been removed.) **Indicators of Compromise (IOCs)** **Phishing Domains:** Ramp uses a phishing detection and mitigation vendor to identify and takedown domains u |
| url | - |
| publishedAt | 2025-09-25 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "general"
} |
| company | {
"id": "org_c30a348498baad34",
"name": "Ramp",
"domains": [
"trust.ramp.com",
"ramp.com"
]
} |
| trust_center | {
"id": "tc_23eba4927cf45a81",
"name": "Ramp",
"url": "https://trust.ramp.com",
"host": "trust.ramp.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_18b9468b51092111",
"company": "/v1/companies/org_c30a348498baad34",
"trust_center": "/v1/trust-centers/tc_23eba4927cf45a81",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_18b9468b51092111JSON