Ramp exists to save you time and to save you money. We understand the importance of the trust you place in us by sharing your data. Upholding and nurturing that trust is ingrained in our company culture, guiding our internal operations and product development.
Ramp has garnered trust from customers operating in tightly regulated industries, including defense, financial services, and medical manufacturing. Our team is committed to safeguarding your data against potential threats, and we’re excited to provide insight into our approach on this page.
Accessing the documentation on our trust center: Please request access via the banner above. You will be sent an invite via email, and will be prompted to sign an NDA once in the portal. Once the NDA is signed, you will have access to view and download the resources in our Trust Center.
Documents
Featured Documents
A new list of phishing domains have been identified and are being remediated.
- app[.]mob-ramp[.]com
- mob-ramp[.]com
- app[.]r-ramp[.]top
- r-ramp[.]com
- whitelink[.]business
IP address related to hosted phishing site:
- 207[.]32[.]217[.]14
Links related to the redirect chain:
- my[.]link-me[.]su
- u21060774[.]ct[.]sendgrid[.]net (found in body of phishing email)
A new campaign has been identified details are below:
- Subject: 🔒 Important: New Security Enhancement for Your Account
- Sender: info@frontlinetradinginc[.]com
- Links in the phishing email: shor[.]tf/saferamp
Known redirect chain:
- shor[.]tf/saferamp
- my[.]safe-link[.]su
- app[.]ramp[.]info
Businesses are advised to identify these emails in user inboxes and remove as soon as possible. Mitigating actions of the identified domains are in progress.
New hosts/domains have been identified and are in the process of being mitigated.
- protect-ramp[.]com
- 87[.]120[.]116[.]47
New phishing domains identified:
- app[.]upt-ramp[.]com
- se-ramp[.]com
- app[.]safe-ramp[.]com
Businesses are advised to blocked the above domains.
A new campaign was launched today. Details that deviate from the original campaign are below.
Subject line: "🔒 Important: New Security Enhancement for Your Account" Links: bit[.]ly/sec-ram
Summary
We are sending this security advisory to inform you of an ongoing phishing campaign targeting Ramp customers. This campaign seeks to trick users into providing their Ramp credentials and MFA code by sending an email pretending to request acceptance of a new Terms of Service and Privacy Policy, with a link to a Ramp sign-in phishing page. Ramp businesses with password authentication enabled for users are most vulnerable to this phishing campaign.
About the email
- Subject line: “🔄 December Updates: Important Ramp Changes & Next Steps”
- Links: Two different bit.ly links have been observed in samples of the email that have been shared with Ramp: bit[.]ly/rampcompany, bit[.]ly/ramptos
- Sender: Display name being used is “The Ramp Team”. Known Sender emails: admin[at]digitiz[.]io, comercial[at]edolmed[.]com[.]br
Update 12/09/24
- Subject line: "🔒 Important: New Security Enhancement for Your Account"
- Links: bit[.]ly/sec-ram
Indicators of Compromise
Phishing Domains: Ramp uses a phishing detection and mitigation vendor to identify and takedown domains used in phishing campaigns targeting Ramp users. Below are the domains that have been identified.
- acc-ramp[.]com
- terms-ramp[.]com
- app[.]terms-ramp[.]com
- app[.]tos-ramp[.]com
- app[.]security-ramp[.]com
- app[.]ramp[.]company
- seteclnc[.]com
- sec-ramp[.]com
- app[.]us-ramp[.]com
- app[.]update-ramp[.]com
- 93[.]123[.]39[.]38
- p-ramp[.]com
What you can do
- Use the information provided above to update email security rulesets to detect and mitigate the risk of Ramp account compromise.
- If applicable, check proxy, VPN, or web traffic logs for evidence of users visiting the listed phishing domains.
- If you believe you or a user at your business has been compromised, review transactions for suspicious transactions and file a dispute if necessary.
- Review invited users on Ramp for unknown users.
We are committed to ensuring the security of our customers and partners. If you have any questions or need further assistance, please reach out to us at security@ramp.com. If you believe fraudulent transactions have occurred, please follow Ramp’s dispute process. We will provided updates to this advisory as they become available.
As we continue to build and improve our platform, Ramp will be leveraging ASAPP to enhance customer support functions.
This serves as notification that ASAPP will be added as a new Ramp subprocessor.
Name: ASAPP
Location: United States
Website: https://www.asapp.com/
Purpose: Leveraged in providing AI powered features during the customer support process.
DPA Signed: Yes
This new subprocessor has been evaluated in accordance with Ramp’s third-party risk management process.
As we continue to build and improve our platform, Ramp will be leveraging Groq to build AI powered product features.
This serves as notification that Groq will be added as a new Ramp subprocessor.
Name: Groq
Location: United States
Website: groq.com
Purpose: Leveraged in providing AI powered features to customers.
DPA Signed: Yes
This new subprocessor has been evaluated in accordance with Ramp’s third-party risk management process.
Ramp Security was made aware of a Crowdstrike incident on July 19, 2024 and confirmed that Ramp services and infrastructure are not impacted by this incident.
As we continue to build and improve our platform, Ramp will be leveraging ClickHouse as a data warehouse to host Ramp data and support the Ramp application.
This serves as notification that ClickHouse will be added as a Ramp subprocessor.
Name: ClickHouse
Location: United States
Website: clickhouse.com
Purpose: Data Warehouse
DPA Signed: Yes
This subprocessor has been evaluated in accordance with Ramp’s third-party risk management process.
If you think you may have discovered a vulnerability, please send us a note.