If you are reading this page, you have opened a link, scanned a QR code, or followed directions from a phishing email that was generated by our internal Cyber Team.
Please see the warning signs of an invalid email sender and identifying their domain:
Red Flag– External Sender notice as an internal employee. We never use personal emails to compose business emails.
Blue Flag– This alerts you that the sender is possibly an imposter. They have used an employees name with an unregistered email domain.
Green Flag– The email address does not match our internal domain. You can also double click to expand and show the true email address if it is not showing full address.
Here is an example of the pop out. You can see the full email address. Note there is no company information such as position, phone number, and address.
Defensive Updates to Verify our Vendors
A new rule was established to filter all senders and tag them based on their email domains. This new header verifies approved business affiliates outside our organization. This does not exempt or verify if the end user from the organization is compromised. Incoming DocuSign, Adobe Sign, broker communications, and technology vendors will be displaying this blue banner.
When in doubt, forward the email to Kenji.
What do I do when I suspect a false sender?
- Forward the message to Kenji at his internal email
- Call Kenji or the actual person through their internal extension or known number via contacts or previous email signatures (do not call a listed phone number on the compromised email)
- Do not scan any QR codes
- If you can confirm it is a phishing or imposter, use the “Report Message” icon within your Outlook tool bar. Marking the email as Junk or Phishing with remove it from your inbox and submit the email to Microsoft.