Information Security BTech Alerts & Notifications - Check this page for the latest information on emergencies and system outages. All times are Pacific. Problem An Email address domain name is very similar to a real Swinerton email address.   Swinertonco.com, swinertoncorp.com, swinerton-usa.com, swinertton.com  An Email that appears to be an official Swinerton email that has a “Caution! This message was sent from outside your organization.”  Examples:  “corp” added to the end of “swinerton”.  “co” added to the end of “swinerton”.  Bad Email Address @swinertoncorp.com @swinertonco.com  Cause A domain name was registered with a similar name that was used to send a potential fraudulent email opening lines of credit, requesting payment, and/or requesting a payment change. Examples of references to this type of issue:  Email Domain Spoofing Email Typosquatting Email Domain Phishing Email Cybersquatting Email Domain Attack Email Trademark Infringement Estimated Troubleshooting Time 5 Minutes.  Solution Gather the following information:  Exact Email Address (copy and paste):  Attach a copy of the original email with mail headers (if applicable) to the ticket.  The original email is needed to investigate the information.  Contact information for the first recipient of the email. Open a ticket with the Service Desk to report the issue using the Swinerton Support Customer Portal. Ticket Logging Guide Subject: Email Domain Name Trademark Infringement - (Name of Domain)  Email Address Spoofing - (Name of Domain)  Description:  Include the Email Address (copy and paste).  Include any information that may help identify the impact of the issue." Attach a file: Attach a copy of the original email with mail headers (if applicable) to the ticket. Priority: Low  Issue: Cyber Security  Category: Domain Infringement 

BTech BTech Alerts & Notifications - Check this page for the latest information on emergencies and system outages. All times are Pacific. Cybersecurity Information If you suspect that one of your accounts has been compromised, taking immediate action is crucial to protect your personal information and prevent further damage. Here are some steps you can take that will mitigate the usefulness of data the attackers may have found while they had access to your computer: Secure your Accounts Change Passwords: Immediately change the password for the compromised account. Choose a strong, unique password that includes a combination of letters, numbers, and special characters. Avoid using easily guessable information like birthdates or common words. Treat every password in your life as if it has been compromised. Change every password you have for ALL websites and set up Multi-factor Authentication (MFA) wherever possible. Make sure that you do not re-use any similar passwords. Every site should have a unique password. Consider using a password manager (eg. Lastpass, onepass, etc) to make passwords easier to manage. Enable Multi-Factor Authentication (MFA): If the compromised account supports it, enable multi-factor authentication for an extra layer of security. This typically involves receiving a code on your phone or email that you need to enter along with your password when logging in. Notify your Contacts Notify Friends, Family, and Business Contacts as needed: Contact friends and family and warn them that someone may try to contact them or impersonate you. Recommend they call you to confirm information rather text/email etc. Established contacts can become the next target. Check Accounts and Available Data Check your Accounts for any Personal and Confidential information (such as address, CC #, SSN): Check files/email for any information that could be used in a scam or to scam people you know (financial info or personal info). If you find anything a bad guy might use to impersonate you with a business or financial partner, contact any other parties to let them know of the situation and ask what can be done to protect yourself. Check Other Accounts: If you use similar passwords across multiple accounts, consider changing the passwords for those accounts as well. It's a good practice to use unique passwords for each account to minimize the risk of multiple accounts being compromised if one is breached. Monitor Accounts and Activity Review Account Activity: Review the recent activity on the compromised account to identify any suspicious actions, unrecognized devices, or unauthorized access. Most online services provide a feature that allows you to view recent login attempts and activity. If you find anything suspicious, log out of all active sessions and revoke access to any unauthorized apps or services. Monitor Financial Statements: If the compromised account is linked to any financial accounts or payment methods, monitor those accounts closely for any unauthorized transactions. Report any suspicious activity to your bank or financial institution immediately. Monitor your credit for unauthorized activity. In the event the bad actors got hold of financial information consider contacting all financial organizations and insurance companies you partner with and let them know your personal information may have been compromised and ask what they recommend to protect yourself against Identity Theft. Contact Customer Support: If you suspect that your account has been compromised, contact the customer support team of the service or platform associated with the account. They can provide guidance on next steps and may be able to assist in securing your account. Contact the three major credit agencies (see below) and consider putting a freeze on your credit and ask for recommendations. Major credit agency contact info: Equifax (866) 349-5191 www.equifax.com P.O. Box 740241 Atlanta, GA 30374 Experian (888) 397-3742 www.experian.com P.O. Box 2002 Allen, TX 75013 TransUnion 800) 888-4213 www.transunion.com 2 Baldwin Place P.O. Box 1000 Chester, PA 19016 Protect and Educate Yourself Consider Identity Theft Protection: Depending on the severity of the compromise and the information involved, you may want to consider enrolling in an identity theft protection service to monitor for any signs of fraudulent activity using your personal information. Educate Yourself: Take this opportunity to educate yourself about common cybersecurity threats and best practices for protecting your online accounts. Stay informed about the latest security measures and updates from the services you use. Review the tips provided by the Federal Trade Commission's Consumer Information website, a valuable resource with some helpful tips on how to protect your information. Additional information is available at https://www.consumer.ftc.gov/topics/privacy-identity-online-security View the tips listed here: https://www.identitytheft.gov/#/Info-Lost-or-Stolen Stay Vigilant: Even after taking these steps, remain vigilant about your online security. Regularly update your passwords, enable security features like MFA whenever possible, and be cautious about clicking on links or downloading attachments from unknown source Scan for Malware: Run a full scan of your device using reputable antivirus or anti-malware software to check for any malicious software that may have contributed to the compromise. By taking these proactive measures, you can help minimize the impact of a compromised account and reduce the risk of future security incidents.

Information Security BTech Alerts & Notifications - Check this page for the latest information on emergencies and system outages. All times are Pacific. Problem A website address (URL, domain name) is very similar to a real Swinerton website address. Swinertonco.com, swinertoncorp.com, swinerton-usa.com, swinertton.com Examples: The letter “v” used twice instead of the letter “w”. Bad Web Address: www.svvinerton.com Typo in the Web Address (URL, domain name). Bad Web Address: www.swnierton.com Cause A domain name was registered with a similar name that was used to send a potential fraudulent email opening lines of credit, requesting payment, and/or requesting a payment change. Examples of references to this type of issue: Email Domain Spoofing Email Typosquatting Email Domain Phishing Email Cybersquatting Email Domain Attack Email Trademark Infringement Estimated Troubleshooting Time 5 Minutes. Solution Gather the following information: Exact Website Address (copy and paste): Attach a screenshot showing the Website Address (URL, domain name) to the ticket. Contact information for the first recipient of the email. Open a ticket with the Service Desk to report the issue using the Swinerton Support Customer Portal. Ticket Logging Guide Subject: Website Address Domain Name Trademark Infringement - (Name of Domain) Description: Include the Website Address (URL, domain name) (copy and paste). Include any information that may help identify the impact of the issue. Attach a file: Attach a copy of the original email with mail headers (if applicable) to the ticket. Priority: Low Issue: Cyber Security Category: Domain Infringement