Phishing & Email Scam Awareness
Phishing attacks are one of the most common cybersecurity threats, where attackers attempt to trick users into revealing sensitive information such as usernames, passwords, or financial details. This guide will help employees recognize and respond to phishing attempts to protect company and personal data.
What is Phishing?
Phishing is a cyberattack where malicious actors send fraudulent emails or messages pretending to be from a legitimate source. The goal is to deceive recipients into clicking on malicious links, downloading harmful attachments, or providing confidential information.
Common Types of Phishing Attacks
Email Phishing – Fraudulent emails appearing to come from trusted sources.
Spear Phishing – Targeted attacks on specific individuals or departments.
Whaling – Phishing attacks targeting high-level executives.
Smishing – Phishing attempts sent via SMS or messaging apps.
Vishing – Phone-based phishing scams that impersonate trusted entities.
Business Email Compromise (BEC) – Attackers impersonate executives or vendors to request fund transfers or sensitive data.
How to Identify a Phishing Email
Be cautious of emails that:
Come from unknown or unexpected senders.
Urgently request confidential information.
Contain grammatical errors and poor formatting.
Have suspicious links (hover over links before clicking to check the actual destination).
Include unexpected attachments (.zip, .exe, .docm files may contain malware).
Use scare tactics (e.g., "Your account will be suspended!").
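The indicators above can be checked mechanically as well as by eye. The following Python script is an added example, not part of the original guide: it takes a constructed sample message and flags the same signs the list describes (untrusted sender domain, link text that names one domain while the href points to another, risky attachment extensions, and scare wording). The trusted-domain set and the urgency phrase list are assumptions a team would tune for its own organization.

```python
"""Flag the phishing indicators listed in the guide for one email message.

Added example, not part of the original guide. The sample messages at the
bottom are constructed; TRUSTED_DOMAINS and URGENCY_PHRASES are assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment types the guide names as possible malware carriers.
RISKY_EXTENSIONS = {".zip", ".exe", ".docm"}

# Scare-tactic wording, modelled on the guide's example subject lines (assumed list).
URGENCY_PHRASES = (
    "will be suspended", "log in now", "expiring soon", "act now",
    "immediately", "compromised", "claim your reward",
)

# Domains this organization treats as legitimate senders and link targets (assumed).
TRUSTED_DOMAINS = {"example.com", "microsoft.com"}

# Matches something that looks like a host name inside visible link text.
DOMAIN_TOKEN = re.compile(r"\b([a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def registered_domain(host):
    """Reduce 'portal.accounts.example.com' to 'example.com' (simple two-label rule)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from the anchor tags of an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(sender, subject, html_body, attachments, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable indicators found in the message."""
    findings = []

    sender_domain = registered_domain(sender.rsplit("@", 1)[-1])
    if sender_domain not in trusted:
        findings.append(f"sender domain not trusted: {sender_domain}")

    parser = LinkExtractor()
    parser.feed(html_body)
    for href, text in parser.links:
        target = registered_domain(urlparse(href).hostname or "")
        shown = DOMAIN_TOKEN.search(text)
        # The "hover before clicking" check: visible text names one domain,
        # the real destination is another.
        if shown and registered_domain(shown.group(0)) != target:
            findings.append(f"link text '{text}' points to {target or 'unknown host'}")
        elif target not in trusted:
            findings.append(f"link to untrusted domain: {target or href}")

    for name in attachments:
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {name}")

    # Strip tags so phrase matching sees only the text a reader would see.
    haystack = (subject + " " + re.sub(r"<[^>]+>", " ", html_body)).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        findings.append("urgency/scare wording: " + ", ".join(hits))
    return findings


# Constructed sample resembling the guide's "password is expiring" example.
SAMPLE_PHISH = dict(
    sender="it-support@example-com-login.net",
    subject="Action required: Your Microsoft 365 password is expiring soon",
    html_body='<p>Your password is expiring soon. '
              '<a href="http://example-com-login.net/reset">https://portal.example.com/reset</a>'
              ' to keep access. Your account will be suspended!</p>',
    attachments=["invoice.docm"],
)

# Constructed benign internal message for comparison.
SAMPLE_BENIGN = dict(
    sender="hr@example.com",
    subject="Team lunch Friday",
    html_body='<p>See <a href="https://intranet.example.com/lunch">the intranet page</a>.</p>',
    attachments=["menu.pdf"],
)

if __name__ == "__main__":
    for label, msg in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, phishing_indicators(**msg) or ["no indicators"])
```

A script like this is a triage aid, not a verdict: a message with no findings can still be phishing, and a legitimate notification can trip the urgency check, so the guide's advice to verify the sender through official contact details still applies.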
Examples of Phishing Emails
"Your Microsoft 365 password is expiring soon. Click here to reset it."
"Your bank account has been compromised! Log in now to secure it."
"You have won a prize! Click the link to claim your reward."
What to Do if You Receive a Phishing Email
Do Not Click on Any Links or Attachments – Avoid interacting with the email.
Verify the Sender – Contact the person or company directly using official contact details.
Report the Email – Use the phishing report feature in Outlook or forward the email to IT security.
Delete the Email – After reporting, remove it from your inbox to prevent accidental interaction.
Change Your Password – If you accidentally clicked a link or provided credentials, reset your password immediately.
How to Report a Phishing Attempt
Best Practices to Avoid Phishing Attacks
Enable Multi-Factor Authentication (MFA) – Adds an extra layer of security.
Use Strong Passwords – Avoid common or reused passwords and use a password manager to generate and store unique ones.
Be Wary of Unsolicited Emails – Verify unexpected requests for sensitive information.
Keep Software Updated – Ensure your computer, antivirus, and browsers are up to date.
Educate Yourself & Others – Regularly review cybersecurity training materials.
Conclusion
Phishing attacks continue to evolve, but awareness and vigilance can significantly reduce the risk. Always verify unexpected emails, report suspicious activity, and follow security best practices to protect company and personal data. If you ever suspect a phishing attempt, report it immediately to IT security.