Unfortunately it's easy for criminals to send you emails supposedly from IOPEN, attempting to elicit information. And even to set up a modified copy of this website to direct you to.

Fortunately there's ways for you to check authenticity. Please get help from your technical advisor if necessary.

Risk reduction requires effort by both us and you. We've done all that we can, so now it's up to you.

IOPEN has domains iopen.net and iopen.co.nz, and the verification things apply to those and their sub-domains.

Emails manually sent by us have all 3 of these :

1. Plain-text content. That is, they do not contain any HTML code.
2. An originating server address (in the email's header) that's in the IOPEN SPF server addresses list. We specify that all invalid-originating-address emails should be marked as suspicious, but doing that is up to your email provider. An SPF data viewer is here.
3. A valid IOPEN DKIM signature in the header. Email systems typically do this check automatically and record the test result in the header.

Our automatically-generated alert emails may contain HTML code, but regardless they will have the above items 2 and 3.

Verify that access is via https:// (and not http://), and don't ignore any security certificate warnings.

All IOPEN websites specify the use of HSTS. So the first time you visit one of them. your browser will note that all further accesses to it are to use https:// (only).

The HSTS means that criminals can succeed with a cloned website only if they can get you to visit it before you've accessed the real site.