Phishing emails are one of the easiest ways to compromise our user accounts. Socially-engineered attacks are designed to trick us into clicking malicious links or giving up our credentials.
Phishing emails are designed to look like they’re coming from a credible source or website, but they’re actually sent by malicious hackers.
Often, the email contains a link that redirects us to a fake login page, or otherwise gets us to click on a link, which can lead to the attackers stealing our credentials, accessing critical applications, and causing a data breach of our personal or business information.
- Check who the email sender is before opening. Don’t take the displayed name to be the sender’s email address.
- Beware of urgency. Phishers like to impose a sense of importance to get users to react immediately.
- Check the email for grammar and spelling mistakes. Emails from legitimate companies do not usually have spelling or grammar mistakes.
- Threat of authority: Phishers like to use law enforcement and government agencies to scare or intimidate users. Always check the sender’s contact details and Google them to check if they are a legitimate business.
- Is the email asking for personal information? Legitimate businesses will never ask you for confidential information or credentials via email. That includes your password and social security number.
- Don’t believe everything you see. If it seems too good to be true, it probably is. Most companies do not go around handing out fistfuls of dollars to anyone who clicks on a link.
- Never click links or attachments you’re not expecting. Instead, mouse over the link to see where it will take you, or manually type the URL into your browser yourself.
- Is the email addressed to you? A red flag should go up when an email is addressed to a generic person, e.g. “Dear valuable client” or “Hello”.
- Reliance on coincidence: If you think a company may have sent you an attachment because you are a customer, first make sure the sender is indeed the legitimate company of which you are a customer.
- If in any doubt, Google “scam” + some details of the email, e.g. “scam IRS urgent warning tax details out of date.” Often you will find that other users have already reported the phishing email as bogus.
When in doubt, contact our Help Desk: 549-2002, firstname.lastname@example.org or Information Security Manager: 549-2607, email@example.com.
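Two of the checks above, the displayed sender name versus the real address and where a link actually leads, can be run mechanically over a saved message. The following Python sketch is an added example, not part of the original page; the function names are hypothetical, the sample message is constructed from reserved example domains, and it assumes a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

def host(url):  # lower-case host of a URL or a bare "host/path" string
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def sender_mismatch(from_header):
    """True if the display name shows an address on a different domain than the real one."""
    name, addr = parseaddr(from_header)
    shown = re.search(r"[\w.+-]+@([\w.-]+)", name)
    return bool(shown) and shown.group(1).lower() != addr.rsplit("@", 1)[-1].lower()

class LinkAudit(HTMLParser):
    """Collect (visible text, href) pairs where the text names a different host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.flagged = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = self.text.strip()
            # Only compare when the visible text itself looks like a URL or host name.
            if re.match(r"(https?://)?[\w-]+(\.[\w-]+)+", shown) and host(shown) != host(self.href):
                self.flagged.append((shown, self.href))
            self.href = None

def audit(raw_message):
    msg = message_from_string(raw_message)
    links = LinkAudit()
    links.feed(msg.get_payload())
    return sender_mismatch(msg["From"]), links.flagged

# Constructed sample message (reserved example domains, not a real email).
SAMPLE = """From: "helpdesk@example.org" <notice@mailer.example.net>
Subject: Urgent: password expires today
Content-Type: text/html

<p>Dear valuable client, sign in at
<a href="http://login.example.net/reset">https://portal.example.org/login</a> or
<a href="https://portal.example.org/help">read the help page</a>.</p>
"""
print(audit(SAMPLE))
```

A clean result from these two checks does not make a message trustworthy; the remaining items in the list still apply.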