TECHNOLOGY ALERTS

Important Technology Alerts

Financial services firms continue to face significant data risks, including data breaches, and cyberattacks. Failure to comply with regulations can result in hefty fines and legal penalties. Electronic communications are not considered private. Anything, including NPI (Nonpublic Personal Information) sent via email has the possibility of being intercepted by unauthorized third parties. CreativeOne Wealth requires advisors and staff to safeguard their clients more effectively, mitigating the potential impact of data-related threats.


Please review the critical email encryption requirements, phishing alert, and email whitelisting procedures outlined below.


Email Encryption Alert: Security Requirements for Electronic Communications


Important Alert: Microsoft Phishing Exploit Affecting Our Email Domains


Our Technology team has identified a critical Microsoft email exploit, known as a "Direct Send," impacting our @creativeone.com and @creativeonewealth.com email tenants. This phishing vulnerability allows external users to send emails that appear to originate from internal addresses within our domains, bypassing our standard ProofPoint spam filters.


Issue Details

  • Impact: Emails may appear to come from any individual or shared mailbox within our @creativeone.com or @creativeonewealth.com tenants.
  • Risk: These emails often contain malicious attachments or links designed to compromise security.
  • Why It’s Not Caught: The exploit circumvents our ProofPoint filtering system, allowing phishing emails to reach inboxes undetected.


Action Required

To protect yourself and our organization:

  1. Verify Emails: Scrutinize any suspicious email, even if it appears to come from a trusted internal address. Look for unusual language, unexpected requests, or unfamiliar links/attachments.
  2. Do Not Engage: Avoid clicking links or opening attachments in questionable emails.
  3. Report to IT: Forward any suspicious emails to IT Support immediately for review. Do not take further action until IT confirms the email’s safety.
  4. Stay Vigilant: Be cautious of emails requesting urgent action, sensitive information, or financial transactions.


Example of Suspicious Email

Phishing emails may resemble the following:

  • From: user@creativeone.com or sharedmailbox@creativeonewealth.com
  • Content: Contains an unexpected attachment (e.g., .pdf, .docx) or a link to an unfamiliar website.
  • Subject: Often urgent or generic, such as “Action Required” or “Document Review.”


Next Steps

Our IT team is actively working on a solution to block these phishing attempts and enhance our email security. We will provide updates as soon as possible. In the meantime, your cooperation in reporting suspicious emails is critical to maintaining our security.


If you have questions or encounter a suspicious email, contact IT Support immediately.


General Email Whitelisting Procedures


To ensure you stay up to date with all CreativeOne and CreativeOne Wealth emails, please review the following email whitelisting procedures. 


  1. Trusted Senders: @creativeonewealth.com, @em.creativeonewealth.com and @creativeone.com
  2. Access Email Settings: Log in to your email client or server admin panel and navigate to the spam filter, junk mail settings, or security rules section. OR contact your hosting administrator to assist.
  3. Add to Whitelist: Input the trusted sender’s email or domain into the appropriate whitelist or “safe senders” list.
  4. Monitor and Update: Regularly review the whitelist to add new trusted senders or remove outdated ones. Check logs if emails are still blocked.
  5. Enable Logging (if applicable): For server-level whitelisting, enable logging to track allowed and blocked emails for troubleshooting.



Contact IT Support