Article 4 August 2022 Be vigilant when clicking links or opening attachments on emails Over the last few weeks, our mail systems have blocked thousands of phishing emails. As well as general phishing emails, we have also seen an increase in targeted phishing attacks, known as ‘Spear Phishing’. These emails are targeted at groups or directly to individuals and are often better formatted and may appear to be from members of the Mitie management team or MGX with a more directed email, requesting you click on links or open attachments. Cyber criminals have also been targeting personal emails or mobile text, pretending to be the Mitie CEO or CFO or MGX or Financial Directors. An example of the types of emails Mitie employees are receiving to their personal emails. Another example of the types of emails colleagues are receiving. In Mitie, while our email protection system is working hard to block these attacks as much possible, some still do get through, which is why we need you to be extra vigilant. Please think twice before clicking links or opening attachments on emails, including internal email. The majority of the cyber incidents happens when people click on links. The primary route of attack that attackers use to gain access to a company is via phishing emails, where the attacker attempts to trick you into entering your credentials or accessing an infected email attachment. Given Mitie operates across several key private sector, central government and defence clients, the risk level for us is even higher. Things to be aware of if you receive a suspicious email: Emails that come from outside Mitie will have the following banner warning you that the email should be treated with caution: Do you recognise the sender? – is this spelt correctly?Are you expecting the email? If not then treat with cautionIs the spelling and grammar correct? A lot of phishing email contain spelling and grammar mistakes. If you are not certain then either: Use the report button on your Outlook toolbarOr forward the email to the Information Security team – informationSecurity@mitie.com If you receive an email to your personal email or mobile from Mitie CEO or CFO or MGX or Financial Directors; Check whether the email is from a certified Mitie email address i.e. FirstName.Surname@Mitie.com.Never reply or do any financial transactions when you get emails in your personal emails or Text from Mitie, always confirm back with your Finance Directors and get confirmation about the email authenticity with informationSecurity@mitie.com
