Scams, phishing, and malicious attempts are getting more sophisticated these days. We have noticed that most of them comply with the email security policy and are trying to impersonate Barry Plant.
We know that most of you are concerned about our data security, and I wish we could prevent this from happening 100%. Our Google Workspace security is currently preventing 80–90% of phishing emails. With the email security policy we have implemented and are running on our system, we are making our email services more secure and harder to penetrate. Aside from that, Google itself has its own security running 24/7 on every server and service it offers.
If you've noticed emails in your Spam folder, it means Google has flagged them as invalid or identified a higher likelihood that they are phishing. All emails in your Spam folder will be deleted after 30 days. You might wonder why Google allows them to stay that long. Google still wants us to verify those emails, as not everyone complies with the email security policy. Additionally, if you have a client with a history of abusive email practices, there is a chance their email will land in the Spam folder.
Keep in mind that 90–95% of emails in your Spam folder are considered junk and not secure. On the other hand, we can block emails within Google Workspace. This security feature allows us to specifically block certain domains or email addresses. This is an additional feature Google offers, which is why we ask everyone to report suspicious emails to [email protected].
Best practices to spot spoofed emails in your inbox:
- Check the "FROM" address. If you are not expecting an email from that domain or company, avoid interacting with it, even if it appears legitimate.
- Be cautious of emails containing forms, links, or requiring authorization. Avoid clicking any links unless you are certain of their authenticity.
- If unsure about a sender's legitimacy, forward the email to [email protected] right away.
A recent incident at one of our offices caught our attention. They received a very sophisticated email pretending to represent the Barry Plant domain but using a random email address. This is called email spoofing.
How is this possible? This type of attack exploits a mail server with open relay settings and forwards emails through that server to make them appear legitimate.
How do I know if this is spoofing? Refer to the same reminder mentioned earlier: Check if the email body contains links, forms, or requests for authorization. Why would you provide these details if you are not expecting the email anyway? Stay vigilant and immediately report any suspicious emails. Don't comply right away—think before you click.
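For mail administrators, the "Check the FROM address" rule above can also be applied automatically to message headers. The following is an added example, not part of the original notice: the domain `company.example` is a placeholder for the real company domain, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_NAME = "barry plant"           # brand the attackers impersonate (from the article)
ORG_DOMAINS = {"company.example"}  # ASSUMPTION: placeholder for the real company domain(s)

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def check_from(raw_message):
    """Return a list of reasons the sender headers look spoofed (empty = nothing found)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = domain_of(addr), domain_of(reply_addr)
    findings = []
    if not from_dom:
        findings.append("From header has no usable address")
    elif from_dom not in ORG_DOMAINS:
        # Company name in the display name, but the address is somewhere else.
        if ORG_NAME in name.lower():
            findings.append(f"display name uses the company name but address is at {from_dom}")
        # Domain that merely contains the company name.
        if ORG_NAME.replace(" ", "") in from_dom:
            findings.append(f"lookalike domain {from_dom}")
    # Replies silently redirected to another domain.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To goes to a different domain: {reply_dom}")
    return findings

# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": 'From: "Barry Plant Office" <office@company.example>\nSubject: Roster\n\nHi all',
    "display_name": 'From: "Barry Plant Accounts" <billing@random-mailer.example>\n'
                    'Subject: Invoice\n\nPlease authorise',
    "lookalike": 'From: "Property Team" <team@barryplant-secure.example>\nSubject: Form\n\nSign in',
    "reply_to": 'From: "Jane" <jane@company.example>\nReply-To: jane@freemail.example\n'
                'Subject: Urgent\n\nCall me',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_from(raw) or "no findings")
```

An empty result only means these header checks found nothing; the body checks described above (links, forms, requests for authorization) still apply.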
What do you do if you have been scammed? If you ever click a link in a suspicious email or potential phishing attempt, don’t stress out or panic.
Here are the next steps to take:
- If you click a link and it automatically downloads a file:
  - Check your Downloads folder for the file and delete it immediately.
  - Afterwards, report what happened to [email protected].
- If you are redirected to a browser page but no automatic download occurs:
  - This type of attack typically requires additional action from your end.
  - Stop immediately and do not proceed further.
Report the email as phishing through the steps here.
If you have questions or concerns, please don’t hesitate to reach out to us at [email protected].