VERIFY that invoices or invites to applications are legitimate before opening and processing
More than ever, Commonwealth business is being conducted online and through email. Invoices, forms and contracts are sent through electronic signature applications like DocuSign or Adobe Acrobat Sign. Staff also receive invitations to join collaborative tools like OneDrive, SharePoint, Google Drive, and DropBox. However, hackers are aware of these trends. Among their tools: spoofed emails that look legitimate, even appearing to use official email addresses. Malicious links or attachments can contain ransomware or malware or lead users to infected sites.
Action Steps
PAUSE before you open any email link or attachment and review it carefully. Is it expected and from a recognized sender. Scan the attachment to ensure it is virus-free.
Contact the sender through a virtual meeting, or call using an official address or phone number you have on file to VERIFY that it was an authorized sender who sent the invite or invoice.
If you are planning on sending an invite or invoice that will generate an email to a recipient, send that person a “pre-mail” first — letting the recipient know that an automated email is coming and that it is legitimate.