Watch out for Phishing!

Don’t be the one to take the bait

Email RED flags:

  • Sense of urgency or threatening language.
  • Unfamiliar or unusual senders or recipients.
  • Spelling or grammar errors.
  • Request for money or personal information.
  • Call to action, such as clicking a link or downloading an attachment.

 

What is a phishing attack?
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

Moreover, phishing is often used to gain a foothold in governmental networks. Phishing emails are increasingly sophisticated and hard to detect. They may appear to be from people or organizations you know and trust. They may even contain information from previous email threads so that it appears to be part of a continuing conversation. Always think before you click.

If you are unsure about an email or text you’ve received, there are additional measures you can take to inspect it closely:

  • Hover over any email links with your mouse cursor to display the preview URL. 
  • If the URL is from an unfamiliar or suspicious domain, don’t click on it.
  • Independently navigate to the website of the organization in question to confirm any information provided in the text/email.

Not sure what to do with the suspicious email?

  • Do not forward the email, but save it and then attach it to an email addressed to your IT security staff.
  • Report the email as Phishing:
    • In Outlook, you will have to add the Reporting button. You can use this guide to add the button.
    • In O365, right-click the email. The list of options that pops up includes "Report", which lets you report the message as Junk or Phishing.