Email Scam Alert

March 23, 2020

Over the weekend, many of our employees were sent a scam email that contained a malicious link. This one came from a Republic employee whose email was compromised, so it was harder to identify as a scam.

Currently, IT has locked down and re-set the passwords of employees who clicked on the malicious link in the email. They have also pulled the email from your Inbox if you had not opened it. If you clicked on the link, you will be required to re-take the cyber security awareness training in Workday.

For those who reported it as a Phish Thank You and Keep Up the Good Work

REMEMBER:
DON’T OPEN SUSPICIOUS EMAILS – REPORT THEM!

Such emails are designed to retrieve personal or confidential information such as bank account information or your passwords. They may also access your contact list to then commission a personalized attack that is harder to recognize as a scam.

It’s important to take extra precautions. Do not click on links within an email or open any attachments that look suspicious. If you suspect a malicious email, report it by clicking on the Report Phishing Button in Outlook. Our Cybersecurity Team will investigate reported emails as potential phishing attacks. The sooner this gets reported the less people it will affect! There is no penalty for reporting a harmless email. But if the email is malicious, the intel you have provided will help Cybersecurity take swift action.

Five signs that an email is a Phish:

  1. Plays on fear and urgency
  2. Asks for credentials, personal or financial information
  3. Uses an unfamiliar greeting
  4. Has a sketchy email address
  5. Makes spelling or grammar errors

Examples of scam emails we have received

Example 1: Sender is a real customer but plays on fear and urgency, asks you to open an attachment or link and has grammatical errors.

Example 2: Sender address does not match the actual email that belongs to our customer. It also asks you to open an attachment that is likely malicious.