Email Spoofing

There has been a rash of ‘email spoofing’ where the bad guys forge the sender’s address to mislead the recipient. Spoofing comes in two forms:

  • The From field lists the employee’s name with a different email in brackets. For example:
    Jane Doe <actor1@scam-artist.com>
  • The From field lists the employee’s name and the correct email address: Jane Doe <jane.doe@omsp.com>

We should be blocking spoofed emails where the employee’s name and email address appear correct (#2 above) from our spam filter.

However, it’s harder to block the first type of email where the employee’s name and email address are different than expected. Thankfully, this spoof is easier to spot because the email address is displayed in the From field.

The goal of nearly all spoofed emails is to gain something of value, such as money, a credit card number, user credentials, etc. Anytime you receive an email requesting something of value, take a second to read the From field before proceeding. If the email appears to be from a vendor or another practice, but doesn’t display the regular email address, always call them to verify before complying with the request.

If you have any questions, feel free to contact us.


Risky Invoices

There is another rash of malicious emails disguised as Microsoft Word documents. These emails almost universally prevent themselves as an invoice due for payment. There are a few, simple precautions we can take to prevent these emails from causing damage:

  • If you are not the person or department that manages the payment of invoices, consider it a malicious document and delete it.
  • If you ARE the person or department in charge of payments, pay close attention to the sender. If you don't recognize the name of the sender, delete it.

Most importantly, if the invoice looks legit and you open the document, NEVER choose Enable Editing or Enable Content.

The malicious payload is launched when you select “Enable Editing” or “Enable Content”.

Thank you for your vigilance and cooperation!


New Jump Page

This page has been re-designed to complement our other recently updated apps.


Beware of Free Gift Cards

People cannot resist the lure of free things. Cyber criminals set up phony websites where victims can select the gift cards just for providing some seemingly benign information.

Once on the site, the victim answers questions and is put through various actions to prove they're not robots. Each step of the way, the victim clicks through and provides information to eventually collect a code they can enter for their worthless gift card.

For very little effort, the scammers get paid. They sell their victims' information to third parties, and are paid for each click the victim makes chasing the free gift card.

  • Remember there is no such thing as a free lunch. If the product is free, YOU are the product.
  • Always check the HTTPS connection and domain name when visiting a webpage, especially if you are entering sensitive personal information.
  • Never share your sensitive data.
  • Do your friends a favor and do not share questionable links.
  • Check if the offer for free stuff is legit by contacting the company making the offer.

In the end, the scammer has made a few bucks and the victim wasted time and shared information that they'll never get back. And there is no gift card.