Guidance on Quarantined Impersonation Email
Our email security system recently detected and quarantined a message that was flagged as a user impersonation attempt. I wanted to take a moment to explain what that means and how you should handle similar messages in the future.
What Is a User Impersonation Email?
A user impersonation email is designed to look like it came from a trusted individual—such as a coworker, manager, or vendor—but actually comes from a malicious sender. The goal is often to trick you into sharing sensitive information, transferring funds, or clicking on a harmful link.
These emails may:
- Use a display name that matches someone you know
- Come from an email address that looks similar to a legitimate one (but isn't)
- Contain urgent or unusual requests (e.g., asking you to buy gift cards or wire money)
What Happened?
Our Exchange system recognized that the email was attempting to impersonate a known user and automatically quarantined it to protect you. This means the message was blocked from reaching your inbox and is being held securely.
What Should You Do?
-
Do not release or interact with the message unless you're 100% sure it's safe and legitimate.
-
If you're unsure about the email:
- Do not click any links
- Do not download attachments
- Do not reply to the message
-
Please forward any suspicious messages to IT@gfshomeloans.com for review. We're happy to confirm whether something is safe or not.
-
You can report phishing directly from the quarantine portal using the "Report" or "Phishing" option if available.
Staying Safe
We appreciate your diligence in helping to keep our organization secure. If you ever receive an email that seems out of the ordinary—even if it looks like it's from someone you trust—don't hesitate to reach out.
Let us know if you have any questions or would like additional training on email safety.