Email Security is best practiced when there is a combination of work between your IT department and you the user. We here on the IT side have several programs to help mitigate what Spam/Spear Phishing emails. We will be going over those in this article as well as how to contact the helpdesk.

• Quarantine Emails
  • Mimecast(Messages on Hold)
  • Microsoft
• Identifiers of Bad Emails
• Contacting Helpdesk
  • What to send best Practices 

Mimecast(Messages on Hold)

• Reminder of what a typical Quarantine Email from Mimecast looks like:

• You should receive the above email up to an hour after the email has hit the Hold box. 
• You can always see your on-hold message right away by using the Mimecast Outlook-add-in:

Microsoft

• We also use the Microsoft Quarantine as a back-up measure to Mimecast. Here is what their typical email looks like:

• Both of these use AI to help protect your email, but they are constantly learning what is "bad" email as that is because scammers are constantly trying to get in and change their methods as we learn to thwart them.

• If emails do come through, we have worked to make sure that it is easily recognizable for internal contacts are easily identifiable. We use a signature service called Exclaimer to handle our signatures which are applied on every outgoing email from within our system. Please see the side by side comparison below:

1. The email address should not be visible, just the name. Any email address here should have the domain of @pacresmortgage if there is one present.
2. Users will have their signature auto-applied here with their Name, NMLS (if applicable), Title, and then their contact info that they choose (office, cell, fax), along with the "Apply Now" logo if you are under a Team or a LO
3. This should be the PRM logo.
4. We are required to have the following compliance notice on the bottom and all correspondences from the company has this.

What to send best Practices 

• External contacts will be tougher as we don't have our internal signatures to work against, in these cases you will need to be aware of some key indicators it is fake, or report it to the IT department by SNIPPING the email with the following information so we can do a search on the backend. (Forwarding the potentially malicious email could cause the attack to make it further into the company)

• Between our protocols and your education we can try and stamp out any potential Spam or Phishers from either trying to get credentials from you to impersonate you or actively trying to access our sensitive data (customer information). Thanks so much again for your help in keeping our company safe!!