First, you must train yourself to spot the signs of a phishing email. Second, you must practice. Then, you can protect yourself and your company.
STOP and ask yourself, am I expecting this email?
When you are in a rush or on a phone email app, STOP and ask yourself, can this wait until later to check more closely?
If it doesn’t seem quite right, or isn’t expected, question it. If it appears to be from a co-worker, don’t reply; call them to verify any requests.
Phishing emails can look just like the real thing, copying the logos and formatting of real companies.
Here are some tips on spotting a scam.
- Contains an offer that seems too good to be true. (You have won a car!)
- Language that is urgent, alarming or threatening. (We suspended your account!)
- Request to send money or personal information.
- Notice asking you to log into an account to correct an issue. (Your account will be cancelled. Log in now to correct the problem.)
- Strange or abrupt business request. (Buy a gift card and send it now.)
- Urgency to click on an unfamiliar hyperlink or attachment. (The attached invoice is overdue.)
- The sending email address doesn’t match the company it claims to come from. Sometimes just 1 character is different.
- Greetings are generic or strange.
- Poorly crafted writing with misspellings and bad grammar. We see this less often because criminals are much more sophisticated now.
What to do if you receive a Phishing Email
- Do NOT open attachments or click on links.
- Contact the sender if you know them.
- Report the email to your IT department.
- Delete the email.
If you are tricked by a scam and you click on an attachment, follow a link, or enter login credentials, notify your IT department immediately and disconnect your computer from the network (WiFi, docking station, ethernet cable).
Ask your employer for cybersecurity training!