Spam/Phishing Awareness

We have been receiving a lot of spam over the past few months. Please read the below to learn about how to identify phishing attempts.

If you are unaware of these terms, please review the information provided by the FTC and US-CERT in the links below.

https://www.consumer.ftc.gov/articles/0003-phishing

https://www.us-cert.gov/ncas/tips/ST04-014

One of the more common tools used by those attempting to gain access or reap benefits from unsuspecting users is called email spoofing. Spoofing is when one forges the header of an email so that the message appears to have originated somewhere other than the actual source. Even if the email appears to be from a legitimate contact, make sure you verify that the address is one you are familiar with and expect the sender to be using for official business. All M1 communication should be made using official M1 email addresses, and private emails addressing any business concerns should never be considered a valid or safe means of communication. To verify the email address a sender is using, you can either hover over their name in the sent email or double click their name (depending on the version of Outlook you are using) and verify that the address it was sent from is correct. Again, even if the address seems OK, but the contents of the email seem suspicious, please work with IT to verify the integrity of the email. Verification should look similar to the below.

Another common tool is sending a URL (weblink) that appears to go to a legitimate website, but in fact sends the user to another site once it is clicked. When clicking on a URL from either a known or unknown sender, best practice is to hover over the link to verify that the link is sending you to a valid, safe website. This should look like the below. If the sites don’t match, or look suspicious, DO NOT CLICK the link and work with IT.

Finally, please be very aware of any attachments you are opening. If they are not from an expected source, or the email seems suspicious, please forward the email to helpdesk@m1services.com as an attachment (click here for instructions) and we will be more than happy to review it.

In general, if you receive an email from someone you think is suspicious in either its’ contents or manner of communication, please get with the IT team to verify authenticity of the email before taking action.