How to spot phishing emails and protect yourself from malicious content
Phishing is a form of social engineering designed to trick you into revealing sensitive information or to install malicious software.
Email remains one of the primary ways to compromise your system or gain access to your information. All it takes is one click to compromise our network, so be careful what you click on.
WHAT TO LOOK FOR
There are many things you can look for in messages that you receive to identify phishing emails and protect yourself and the network from attack :
- File attachments that can infect your computer with malware.
- Links that take you to websites that will infect your computer.
- Prompts to solicit login credentials and other sensitive information so that the attackers can gain access to our network.
Phishing emails play on emotions like fear, curiosity, recognition, opportunity, and a sense of urgency in order to rush you in to opening attachments or clicking links.
DID YOU KNOW?
It is important to examine hyperlinks in suspicious emails. Here’s how to check where a link goes without clicking :
- Desktop (Mac/Windows): Hover your cursor over the link to view the URL.
- Mobile Devices (Android, iOS, Windows): Touch and hold the link until a pop-up menu appears.
Whether it’s an email, text or a phone call, be aware what you are asked to do and be cautious when clicking links or opening attachments.
- Always be suspicious of messages you think maybe suspect
- Don’t click on links or attachments in suspect messages
- Contact the sender via another means to confirm details
- Report any suspicious messages to IT
Best Practices :
- Do Not Open email attachments with file types you do not recognise
- Do Not Unsubscribe – just delete the email or send to junk
- Do Not Respond to spam messages, just delete them
- Do Check the email ‘From’ field to check the sender, this may be spoofed
- Do Check for ‘double extended’ attachments like ‘.pdf.exe’ for example
Spear phishers have many techniques at their disposal to fool not only you, but any email-filtering solutions your organization may have in place. When spear phishing attacks make it through your organization’s defenses, it is up to you to identify them as potential threats.
To tell if an email is a spear phishing attempt, be aware of emails and messages that:
- Ask you to click on a link or open an attachment.
- Create a sense of urgency.
- Evoke strong emotions, like greed, jealousy, or fear.
- Request sensitive data.
Legitimate companies will not ask for passwords or other sensitive data via email.
Always check the URL of the site you are visiting. In many instances, a phishing email will direct you to an imitation website that appears legitimate, but attempts to steal your password or other sensitive data.