About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that requests payment or changes to payment, the following banner will be displayed on the message: Image: shows caution banner. Procedure:  Do not forward or reply to the message until verification has been completed To verify a customer, use trusted and known contact methods previously documented by the company.  Never Call phone numbers shown in messages Never accept text message, email, or voicemail as a form of verification If contact's account specifies an approval process for changes, follow their approval process in addition to HPG's Never make a change unless a fully authorized person has been directly contacted and provides concise permissions.  Watch for and note red flags. Notify IT of any that are noted Gain appropriate approval by internal HPG Team

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that resembles a known contact but has different details, the following banner will be displayed on the message: Image: shows caution banner Procedure: If the sender is using the name of an HPG Officer or Employee, do not replace, the ticket is likely Phishing and should be reported. If the sender is using the name of a customer or known contact, use known and trusted contact methods to contact the customer. Do not reply to messages until verified. If in doubt, report the message and let IT determine legitimacy.  Do not forward suspicious emails. Do not provide sensitive information to non-verified senders.

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that resembles a known contact but has different details, the following banner will be displayed on the message: Image: shows alert banner Process: Inspect message for suspicious content, spelling, and grammar. If the vendor/customer is legitimate but is not known to HPG, vendor must be verified utilizing proper accounting SOP. Provide instructions on next steps. If you cannot verify the message, submit the email as suspicious

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that requests payroll changes the following banner will be displayed on the message: Image -shows caution banner Employees should request any payroll changes through their payroll system, and not through email.  Verify, in person, any changes requested. Messaging is not an acceptable method for requesting changes to payroll. Never provide personal information via insecure messaging Never provide banking information via messaging Report suspicious activity ASAP

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that requests utilization of a payment processor the following banner will be displayed on the message: Image -shows info banner Process If the message was not expected or is outside of your job responsibilities, report the message as suspicious. Verify the request using known and verified contact methods Never pay for anything that is not verified first Check with accounting for appropriate procedures Report any suspicious requests

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that requests that you use a link to access a file from a non-verifiable location the following banner will be displayed on the message: Image -shows warning banner Process If you did not request or were informed ahead of time, report the message as suspicious NEVER click a link you have not first verified as safe Verify with the vendor/customer that they intended to send the file, preferably, over the phone Report all suspicious activity

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that has a reply-to and sender do not match AND the domain of the reply to was recently registered the following banner will be displayed on the message: Image -shows caution banner Process Do not reply to the message, report it as suspicious. HPG IT will inspect the message and provide guidence. 

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that has a reply-to and sender do not match the following banner will be displayed on the message: Image -shows caution banner Process NetSuite, CommonSku, and occasionally some other services may show this banner. Report any message delivered from these sources that appear to be suspicious. Inspect links before clicking them If the message is from or includes an unknown domain or contact, report it as suspicious

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received that was sent from a newly registered domain the following banner will be displayed on the message: Image -shows info banner Process If the sender claims to be an existing vendor/customer or their email address closely resembles an existing vendor/customer, report the message as suspicious. If they appear to be a new vendor/customer, Do not click links or open files in the message. Ask them to contact appropriate persons/team to establish their relationship with the business.

About:  HPG utilizes banners in email to help employees identify risks associated with email-based attacks that put themselves and the computer at risk. These banners are dynamic and there may be several prepended to a message at time. Employees should take additional cautions on messages containing banners.  If a message is received from somebody you have not communicated with before the following banner will be displayed on the message: Image -shows info banner Process Use high caution and avoid clicking links or openning files until you are 100% certain they are safe Report suspcious emails immediately