Security Alert-
TUNE customers are receiving alerts about unusual activity within their "Hasoffers network". This email is not from TUNE and should be considered a phishing email.
These emails are from a detractor attempting a phishing scam and should be reported to email providers immediately.
Example:
Follow the steps below to mark the email as Phishing:
- Log in to your mailbox and open the email
- Click on the 3 dots(options) on the right side of the mail sent to you by the impersonator and click on the Report Phishing button marked in Green.
It is very important to not click or open the link
TUNE highly recommends enabling Two-Factor Authentication to protect user accounts.
Enabling Two-Factor Authentication
Two-factor authentication goes beyond the standard email/password combo to authenticate a user. When a user logs into your network, they will enter their email and password as standard, at that point they will be prompted to enter an ‘authentication code’. This is where the two-factor authentication comes in. To get this code, the user will go to their phone and open the Google Authenticator app where a temporary code will be prompted to them. This code refreshes every 30 seconds so there is very little risk of someone re-using this code.
By default, two-factor authentication is disabled for all users in your account. To enable two-factor authentication for your employees, go to Company > Customize Application > Application. Set the Two-Factor Authentication field to enabled and save. This will enable this setting for all employees in your network.
Best Practices
Cyber-attacks are an ongoing concern. Such attacks include phishing emails designed to trick you into visiting malicious sites or downloading malware used to steal data and damage networks. This reminder sets out general guidance on how to protect yourself against such malicious emails.
DO NOT
DO NOT reply to, open attachments from, or click on URLs from unknown and untrusted sources.
DO NOT ever send personal/sensitive information via email—e.g., passwords, credit card numbers, social security numbers, or account numbers.
DO
DO check for misspellings, grammatical errors, and abnormal spacing that may be indicative of a phishing email.
DO check links by using your mouse to hover over the hyperlink to determine if the URL makes sense with the sender—e.g., matching the sender name to the URL; whether there's a foreign name or location in the URL.
DO report any suspicious emails—even if you're not sure
DO use common sense—if it doesn't look right, trust your judgment.
RED FLAGS
Does the email ask for any sensitive/personal information (password, credit cards, SSN, etc.)?
Does the email ask for sensitive information about others?
Does the email ask you to immediately act or open an attachment to avoid account closure?
Does the hover-text link match what's in the text?
Does the address in the ‘To’ field match the sender of the email?