Safety & Security

Safety & Security

At DozIT, we take security seriously. This page explains how to recognize legitimate DozIT communications, what we will (and will not) ask for, and what to do if you suspect an email, ticket, or request is not authentic.

If you’d like us to verify a message or you suspect phishing or impersonation, contact us at safety@dozit.ca. For general support, use support@dozit.ca.

Quick Safety Rules

Use these rules of thumb when interacting with DozIT support:

• We will never ask for your password (including MFA codes) by email, chat, or ticket.
• We will never ask for payment details (credit card numbers, banking credentials) through the helpdesk/ticketing system.
• We will never request cryptocurrency or gift cards as a method of payment.
• We won’t pressure you with urgency to bypass normal process (“don’t open a ticket”, “use this private link”).
• When in doubt, verify using a known phone number or by opening a new ticket through your normal channel.

How to Verify It’s Really DozIT

If you receive a message claiming to be from DozIT, confirm it using the checks below:

• Check the sender: Support emails should originate from @dozit.ca. We may also send billing notifications via [email protected] (for invoices and receipts).
• Check links before clicking: Links should go to dozit.ca or a service you already use with DozIT. If the link looks shortened, unfamiliar, or misspelled (e.g., doz1t), treat it as suspicious.
• Check context: We normally reference your ticket number and the work requested. If the message is unexpected, verify first.
• Be cautious with attachments: We avoid attachments unless needed. If you weren’t expecting it, verify before opening.

What We May Ask For

To resolve issues, we may request information that helps us troubleshoot, such as:

• Device and software details (model, OS version, application version)
• Error messages, screenshots, and timestamps of when the issue occurred
• Confirmation of actions taken (e.g., reboot, reconnect VPN, retry steps)
• Logs that relate to the issue, when appropriate (tip: you can redact/blur sensitive information in screenshots)

What We Will Never Ask For

DozIT will never request any of the following through email, chat, or tickets:

• Your password or MFA / 2FA codes
• Online banking credentials or full credit card details
• Cryptocurrency payments, gift cards, or unusual payment methods
• Requests to disable security controls “temporarily” (MFA, antivirus, firewall) without clear explanation and your approval

Remote Support & Access Requests

In most cases, you won’t need to do anything for us to resolve your issue. If coordination for remote access is required, we will clearly explain:

• What tool is being used and why
• What level of access is required
• How to revoke access when the session is complete

Important: If anyone asks you to install remote access software unexpectedly, verify with DozIT first.

Billing & Payment Safety

We send invoices and payment instructions through standard, predictable channels:

• Invoices: sent via email and will originate from @dozit.ca or from [email protected].
• Accepted payment methods: eTransfer to [email protected] (we will never ask you to send payment to a different email), pre-authorized payment (accounting@dozit.ca for details), or cheque sent to our registered office address.
• Changes to payment details: If we ever change banking/payment instructions, we will confirm using two separate methods (e.g., email from @dozit.ca plus a phone call from (613) 423-6948).

Phishing, Impersonation & Social Engineering

Attackers sometimes impersonate IT providers to trick users into handing over access. Be cautious of messages that:

• Create urgency (“act now” / “account will be closed”)
• Request secrets (passwords, MFA codes)
• Ask you to bypass normal process (“don’t open a ticket”, “use this private link”)
• Ask you to pay to a new destination unexpectedly

If something feels off, pause and verify. It’s always okay to double-check.

How to Report a Suspicious Message

If you think a message or request is suspicious:

• Do not click links or open attachments.
• Do not reply with any sensitive information.
• Forward it to: safety@dozit.ca (or attach it to a new ticket).
• If urgent, call us: (613) 423-6948
• Include: what you received, when you received it, and what you clicked (if anything). (If possible, include full email headers.)

How We Protect Client Systems

We apply security best practices appropriate to the services we provide, which may include:

• Principle of least privilege (only the access required to do the job)
• Multi-factor authentication where supported
• Change tracking and audit logs where available
• Secure and encrypted credential storage and generation practices
• Secure handover procedures when projects end or roles change

Incident Response

If we become aware of an issue that may impact your systems or data, we will:

• Work to contain and assess the issue
• Communicate clearly about what we know, what we’re doing, and what actions you may need to take
• Coordinate remediation and next steps

Recommended Security Practices (For Clients)

Security is a shared effort. We strongly recommend:

• Use a password manager and unique passwords
• Enable MFA wherever possible
• Keep devices updated (OS + browsers + apps)
• Be cautious with unexpected emails and attachments
• Report suspicious activity quickly

Contact

For verification or security concerns:

• Email: safety@dozit.ca
• Support: support@dozit.ca
• Phone: (613) 423-6948
• Mailing address: 200-805 Carling Avenue, Ottawa Ontario, K1S 5W9

Last updated: 2026-01-02