This document explains how you deal with spoofing and phishing e-mails.
Document 5708 | Last updated: 03/09/2020 MJY
If you're receiving suspicious e‑mail that indicates it is from your account, from another reputable source like a la mode, or you're receiving "delivery failure" message that appear to be from someone at a la mode then you've been hit with an e‑mail spoofing or e‑mail phishing attack. Sometimes the messages even appear to be from an imaginary address on your domain.
Here are some important things to know about suspicious e‑mail that you receive:
Most legitimate businesses will never use e‑mail as a means to request account information. Don't ever provide personal information via e‑mail without verifying the request is legitimate.
Reminder: a la mode will never ask for your password via e‑mail.
There's not much that can be done to prevent "spoofing" and "phishing" attacks. For these types of attacks, we recommend:
Phishing Attacks - Install Antivirus Software & Keep It Updated
Many e‑mail attacks this are spread through virus programs that can infect your computer. Running antivirus software with the latest updates is one of the most effective ways to protect yourself from becoming a victim, or possible source, of SPAM attacks.
Spoofed e‑mail — enable SPF records for your email account
A Sender Policy Framework (SPF) record helps prevent "spoofed" e‑mail messages. An SPF record allows other e‑mail servers to identify and reject e‑mails using a forged FROM address by specifying what servers are authorized to transmit e‑mail for that domain. Contact your email provider for instructions or assistance with setting up SPF records for your email account.