Aircall takes the security of its customers seriously and provides guidance and tools to help protect your account from potential attacks by malicious third parties. This article outlines recommended best practices to reduce the risk of account takeover and explains how Aircall helps safeguard your data.

As a reminder, Aircall’s terms and conditions regarding account takeover are available in section 3, article 2.

Security measureWhat it means
Enable MFA and use Google Sign-In
  • Requiring more than one method of authentication significantly strengthens account security. Multi-factor authentication (MFA) adds a second verification step, such as a code sent to your phone or generated by an authenticator app.
  • Using Google Sign-In can further reduce risk by leveraging Google’s built-in security protections.
Use strong and unique passwords
  • Passwords should be complex and difficult to guess. Combine letters, numbers, and symbols, and avoid personal information such as birthdays or simple sequences.
  • Do not share your login credentials, and avoid reusing the same password across multiple websites or services.
  • Make sure you're familiar with the authentication best practices
Monitor account activity regularlyReview your account activity and billing history on a regular basis. Unusual usage patterns or unexpected spikes can indicate unauthorized access or potential fraud.
How Aircall protects your accountAircall uses advanced systems and dedicated teams to help prevent unauthorized access and detect suspicious behavior, including a specialized fraud prevention team. Account takeover (ATO) whitepaper is attached at the bottom of this article.
Limit access and permissions

Only grant account access to team members who need it. Assign appropriate roles and permissions to ensure users can only modify what is necessary for their responsibilities.

Important: Review user access regularly and remove permissions that are no longer required.
Update passwords and secure API keys Change passwords immediately if you suspect a security breach, and avoid reusing passwords across different platforms. API keys should be stored securely and never shared through unsecured channels.
Be cautious with public Wi-FiAvoid accessing your Aircall account over public Wi-Fi networks. If access is necessary, use a trusted VPN, such as one provided by your organization or a reputable service.
Watch out for phishing attacksPhishing attempts often try to trick users into clicking malicious links or sharing login credentials. Never open suspicious links or attachments, and always verify the sender before entering any credentials. Learn more about Call spoofing.
Provide regular security awareness trainingEducate your team about common security threats, including phishing and social engineering. A well-informed team is less likely to fall victim to attacks.
Contact support if suspicious activity is detectedIf you notice any irregular or suspicious activity, contact Aircall Support immediately to prevent further unauthorized access.