Cybercriminals rely on one thing more than anything else getting someone to act before they think. Phishing emails are designed to look legitimate, create urgency, and trick people into clicking a link, opening an attachment, or sharing sensitive information. Taking a few extra moments to verify an email can prevent compromised accounts, malware infections, and data breaches.
1. Do Not Click Any Links
One of the biggest warning signs of a phishing email is an unexpected link. If you receive an email from someone you weren’t expecting or someone who doesn’t normally send you links pause before clicking.
A simple way to investigate a link is to hover your mouse over it without clicking. Office 365 will display the website it actually leads to. If the address looks unfamiliar, contains random letters or numbers, is misspelled, or doesn’t match the company it claims to be from, it’s a strong indication that the email is fraudulent.
These websites are often designed to steal passwords, personal information, or install malware on your device. If something doesn’t look right, don’t click it.
2. Never Sign In from an Email Link
One of the most common phishing techniques is directing users to a fake sign-in page. These pages can look almost identical to Microsoft 365, Outlook, Google, Paycom, Amazon, banking websites, and many other trusted services.
The attacker hopes you’ll believe you’ve been signed out or that your account needs immediate verification. Once you enter your username and password, those credentials are sent directly to the attacker.
A compromised account doesn’t just affect you. Once someone gains access, they can read your emails, steal sensitive information, and send phishing messages from your account. Since the emails are coming from a trusted coworker, they’re much more likely to fool other employees, allowing the attack to spread throughout the organization.
Instead of signing in through an email, open your web browser and navigate directly to the website yourself.
3. Check the Sender’s Address
The display name on an email can be changed to almost anything, so don’t rely on the name alone. Always look at the sender’s full email address.
Watch for:
- Misspelled domains
- Extra letters or numbers
- Personal email accounts pretending to represent a business
- Addresses that don’t match the organization they claim to be from
At Woods System of Care, employees are expected to communicate using their official work email accounts. If you receive an unexpected business request from a personal email address or an unfamiliar domain, take a moment to verify that it’s legitimate before responding.
4. Watch for Attachments
Unexpected attachments are another common way attackers compromise computers and accounts.
Many phishing emails include invoices, resumes, shipping notices, PDF files, ZIP files, or Microsoft Office documents that contain malicious code. Often, these emails come from people you don’t normally correspond with or reference topics that don’t relate to your work.
Before opening any attachment, ask yourself:
- Was I expecting this file?
- Do I know the sender?
- Does this request make sense?
If the answer is no, don’t open it. When in doubt, contact the sender through another trusted method before opening the attachment.
5. Don’t Reply
It can be tempting to reply to an email just to ask if it’s legitimate, but if you’re unsure, that’s usually not the safest option.
Replying confirms to the attacker that your email address is active, which can lead to additional phishing attempts.
Instead, verify the request another way. Call the sender using a trusted phone number, start a new email using an address you already know, or contact your IT department for assistance.
6. Be Cautious of Urgent Requests
Phishing emails almost always try to create a sense of urgency. They want you to panic and act before thinking.
Be cautious of messages claiming:
- Your account will be disabled immediately.
- Your password has expired.
- Your mailbox is full.
- A payment or power bill must be paid immediately.
- You must purchase gift cards for a manager or executive.
- You need to send confidential information right away.
Always ask yourself:
“Is this something this person would normally ask me to do?”
For example, your CEO is not going to unexpectedly email you asking you to purchase hundreds of dollars in gift cards. Likewise, Microsoft isn’t going to randomly email you demanding that you sign in immediately to avoid losing your account.
If a request feels unusually urgent, unexpected, or out of character, stop and verify it before taking any action.
When in Doubt, Report It
If you ever receive an email that seems suspicious, don’t click, don’t reply, and don’t open attachments. Instead, report it to the IT Help Desk. Reporting suspicious emails helps protect not only your account but everyone across the organization. One report could prevent dozens of employees from becoming the next target.
Comments
0 comments
Please sign in to leave a comment.