Today multiple gmail.com accounts sent emails to a fraction of our organization. The emails claim that the recipient would be charged $1,499 for their 12TB iCloud storage plan.
This is a good opportunity to announce that October is Cyber Security Awareness month. Best to keep in mind that any email may be a scam and we all are one degree away from criminals.
The most common IT crime still is Business Email Compromise (BEC) even though ransomware is increasing rapidly. It is best to be mindful of how to parse an email address and to do your best to understand who is emailing you.
Email addresses are formed by concatenating a username with the '@' sign and with a domain (e.g., email@example.com). Sometimes people are confused by the common phishing addresses that use a domain inside the username (e.g., firstname.lastname@example.org). Understand that such email addresses are available to anyone including to criminals.
If you receive a phishing email, you can report it to Gmail if you're using the web interface (not the Gmail mobile app, unfortunately). Google will alert ITS!
|Gmail's 'Report phishing' feature is under a vertical ellipsis in the upper-right of an email.|
You can also forward the email to email@example.com. If you are unsure if an email is a phishing email, please forward it to firstname.lastname@example.org. We can help to determine what is what and if necessary report the email as a phishing attempt to Google.