diff --git a/app/Abstracts/Export.php b/app/Abstracts/Export.php
index 9b640281a..bbd434f7f 100644
--- a/app/Abstracts/Export.php
+++ b/app/Abstracts/Export.php
@@ -35,6 +35,8 @@ abstract class Export implements FromCollection, ShouldAutoSize, WithHeadings, W
 $date_fields = ['paid_at', 'invoiced_at', 'billed_at', 'due_at', 'issued_at', 'created_at'];
+ $evil_chars = ['=', '+', '-', '@'];
+
 foreach ($this->fields() as $field) {
 $value = $model->$field;
@@ -42,6 +44,11 @@ abstract class Export implements FromCollection, ShouldAutoSize, WithHeadings, W
 $value = Date::parse($value)->format('Y-m-d');
 }
+ // Prevent CSV injection https://security.stackexchange.com/a/190848
+ if (Str::startsWith($value, $evil_chars)) {
+ $value = "'" . $value;
+ }
+
 $map[] = $value;
 }
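Review bot: The `$evil_chars` list introduced in the first hunk omits two formula-trigger prefixes that the OWASP CSV-injection guidance lists alongside `=`, `+`, `-` and `@`: a leading tab (0x09) and a leading carriage return (0x0D), both of which spreadsheet applications accept as the start of a formula cell, so a value such as `"\t=HYPERLINK(...)"` passes the new check unchanged. Consider `$evil_chars = ['=', '+', '-', '@', "\t", "\r"];` (double-quoted so the control characters are real). The check that consumes this array is in the second hunk; the method in which the array is declared begins outside this hunk.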
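Review bot: The new `Str::startsWith($value, $evil_chars)` guard in the second hunk also fires on ordinary negative numbers, because `-` is in the list: an amount of `-100` is written as `'-100`, turning a numeric cell into text for every exporter built on this base class. If any exported field carries signed amounts (plausible for an accounting export, though the fields are not visible here), exempt numeric values and make the call well-defined for the `null` or non-string values that `$model->$field` does not rule out: `if (!is_numeric($value) && Str::startsWith((string) $value, $evil_chars)) {`. Note that the leading apostrophe neutralises the formula but is not an escape — in at least some spreadsheet applications it remains visible in the imported cell — and it does not replace proper field quoting, which the export library presumably handles; the enclosing `foreach` starts in the previous hunk.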