Warning: Emails from swapdtransactions@gmail.com are a scam

We’ve received a couple of emails this morning stating that someone under the email swapdtransactions@gmail.com is pretending to be SWAPD staff, and that person is trying to con people. Just an FYI, SWAPD only has ONE support inbox, and that is support@swapd.co. On top of that, we never do any transactions via email; we use our /start page for all of our checkout tickets.

Avoid. Thank you!

11 Likes

Also note: It’s very easy to spoof emails, and you should never reply to an email with the login credentials of anything. Instead, come to Swapd.co and use the messaging/ticketing system.

3 Likes

You know you made it when scammers fake your email address.
Stay safe people!

1 Like

Providers like Gmail warn you about spoofed mails these days. I am fairly sure others do too.

1 Like

Nope, using services such as SendGrid (there are other services available) can bypass this. Not always, but can do.

1 Like

Highly recommend your tech guys to change the DNS SPF record from softfail (~all) to hardfail (-all) on swapd.co. Some e-mail providers will still let e-mail through when the domain is being spoofed with a softfail.

1 Like
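
The softfail/hardfail distinction in the post above, as an added example (not code from any poster or from SWAPD): a small Python check that reads an SPF TXT record and reports the result a sender not listed in the record would get. The records are constructed samples on reserved example domains, and the function names are hypothetical.

```python
# Added example: classify how an SPF record treats unlisted (spoofing) senders.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

ADVICE = {
    "fail": "hardfail (-all): unlisted senders fail SPF",
    "softfail": "softfail (~all): some receivers still deliver; consider -all",
    "neutral": "no verdict for unlisted senders; add an explicit -all",
    "pass": "+all authorizes every sender; the record protects nothing",
    "none": "not an SPF record",
}


def spf_default_result(txt_record: str) -> str:
    """Result for a sender matching none of the ip4/ip6/include/a/mx terms."""
    terms = txt_record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    redirect = None
    for term in terms[1:]:
        lowered = term.lower()
        if lowered.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qualifier = "+"  # a mechanism with no prefix defaults to "+"
        if lowered[0] in QUALIFIERS:
            qualifier, lowered = lowered[0], lowered[1:]
        if lowered == "all":
            # "all" always matches, so later terms and redirect= are ignored
            return QUALIFIERS[qualifier]
    if redirect:
        return "redirect:" + redirect  # the verdict lives in another record
    return "neutral"  # RFC 7208: nothing matched and no redirect


def audit(txt_record: str) -> str:
    result = spf_default_result(txt_record)
    return ADVICE.get(result, "follow " + result + " and audit that record")


if __name__ == "__main__":
    # Constructed sample records, not the real record of any domain.
    samples = [
        "v=spf1 include:_spf.example.net ~all",
        "v=spf1 include:_spf.example.net -all",
        "v=spf1 ip4:192.0.2.0/24",
        "v=spf1 redirect=_spf.example.net",
    ]
    for record in samples:
        print(record, "->", audit(record))
```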

Still fairly sure you need access to the domain to set this up properly. Otherwise, it would be the biggest security flaw in the world.

@Goofy They caught you lackin

3 Likes

This was a recent discovery of mine when asking someone to do a little bit of coding work for me.

Google does use DKIM by default nowadays: Help prevent spoofing and spam with DKIM - Google Workspace Admin Help

And, SendGrid also recommends this: How to Use DKIM to Prevent Domain Spoofing - SendGrid

However, like I said, I recently encountered this. The programmer didn’t know my email due to me not specifying one, but did know my name. So, for their test code they used admin@mydomain.com which didn’t exist to send an email notification, but as far as I can remember there was no warning.

I’ll run a few checks myself, and see if I’m forgetting that I accepted a spoof warning, but I’m pretty sure I did not.

1 Like

Gmail has a question mark where the profile picture should be, so their warning isn’t always eye catching. I’ve learned always to check that :smiley:

1 Like

I’ve just checked, and the profile picture is the first letter of my name on the avatar (which is auto-generated similar to that of gravatar), and the email was firstname@mydomain.com which doesn’t exist. Like I said, I’ll try to recreate this later today, and update everyone.

Although, regardless if the spoof warning from Gmail is merely changing the profile picture to a question mark, then I’d still like to advise everyone to exercise caution when receiving emails.

Although, AFAIK Swapd will never require you to send an email with credentials within that email, and it will always be done within the integrated ticket system.

1 Like

I am honestly shocked people fall for these types of scams. -_-

5 Likes

Being in the Cyber Security field I know people fall for a lot more obvious things and although we can’t cure stupid we have to try to mitigate these issues as much as possible :stuck_out_tongue:

Joking of course, I can understand lapse of judgement, and particularly the less savvy users falling for something like this.

2 Likes