Support

Enhancing Data Security Against Phishing and Unauthorized Access

A blue circle with the words soc2 type 2.A blue button with the word iso on it.
support 1

Personalized details

Every email includes your name, the client and matter name, and the invoice number where applicable.
secure-link

Secure links, not attachments

Invoices are delivered through a time-limited secure link rather than as email attachments.

Smart access protection

Bot defenses and risk-based verification add extra checks when access looks unusual.
noun-unauthorized-7747886 1

Optional Secure Client Portal

A protected space to view current and past invoices without relying on email at all.
Table of contents
link 1

Introduction

Your law firm uses Oddr to send invoice-related emails. Because billing communications are a common target for phishing and invoice fraud, we've built in several safeguards to help you confirm an email is genuine and to keep your documents protected. This guide explains those safeguards and how to use them.

How to confirm an email is really from Oddr

Before acting on an invoice email, check three things:

  1. The sender. Invoice emails come from your law firm's own email domain.
  2. The links. Even though the email comes from your firm, the links point to an oddr.com address — for example, client.oddr.com. Hover over a link to confirm before clicking.
  3. No attachments to open. We deliver invoices through a secure link, not as attachments. An email claiming to be an Oddr invoice with a file attached is worth a second look — when in doubt, contact your law firm before opening it.

Personalized details (your name, matter, invoice number) are an extra signal, but treat their absence as a warning sign rather than their presence as proof. Sophisticated scams can include real details, so always rely on the sender and link checks above.

Time-limited Links Instead of PDF Attachments

When your law firm sends a document, you receive a secure link that opens your specific invoice, statement, or payment page directly — no password required. The links expire after a set period. Unlike a PDF, which can't be retracted once it leaves your inbox, a time-limited link keeps your invoice from being accessed indefinitely if an email is ever forwarded or intercepted. If a link expires while you still need it, a single click sends a fresh, unique link to the original email address.

Built-in protection against unauthorized access

Whether you open a document from an emailed link or sign in to the portal, two safeguards work in the background:

  • Protection against automated attacks. Google reCAPTCHA protects both portal sign-in and the secure invoice, payment, and statement pages you reach from emailed links — telling real users apart from automated bots and blocking large-scale automated access attempts.
  • Risk-based verification. We watch for unusual access — for example, traffic routed through an anonymous proxy, or an attempt from a different region than your usual access. When something looks off, we add a step and email you a one-time code to confirm it's really you before granting access.

The Secure Client Portal

The optional Oddr Secure Client Portal lets you view current and historical invoices inside a protected environment instead of through email. Access uses a one-time secure code sent to your email — there's no password to be stolen or reused. Removing email from invoice delivery significantly reduces the risk of fraudulent or spoofed invoices. To get an invitation, contact your law firm.

If something looks off

If an invoice email seems suspicious, don't click any links or open any attachments. Contact your law firm directly using a known phone number or email, or reach Oddr support at support@oddr.com. It's always safer to verify than to act quickly.


Learn about tips to identify phishing emails

Questions about an invoice email? Contact your law firm, or reach us at support@oddr.com.