Phishing & Email Security
Phishing refers to sending an e-mail that tricks someone into clicking on a link or opening an attachment. The end goal of phishing is to steal valuable information, such as usernames, passwords, credit cards or other details. Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware.
Why should you care?
Clicking on links in phishing e-mails or filling in confidential information on malicious websites can put your data at risk - not only the company's but also your personal data. Through phishing e-mails, attackers can gain access to confidential company data, steal money from your bank accounts, and steal your identity.
What's safe to do, and what isn't?
There is very little risk in simply opening e-mails. In almost all cases, opening an e-mail will not result in compromise. The risk is in clicking on links or opening attachments. Attackers can e-mail you infected attachments which install malicious software, or "malware" for short. Clicking on a link can take you to a website that steals login or other valuable information. The website could also install malware on your machine without your knowledge.
How can you spot a phishing e-mail?
Phishing emails can be hard to recognize, and every phishing e-mail is different. Here are some telltale signs:
- Bad spelling and grammar: Simple phishing emails are often poorly written. If the content of the e-mail doesn't line up with what you'd expect from the sender, beware!
- Deceptive links: Move your mouse over any of the links in the e-mail, without clicking. You should see the address where the link will take you. If it's an e-mail from your bank, but the link doesn't display your bank's website, don't click.
- Sense of urgency: Is the e-mail claiming that you were charged an extraordinary amount on your cell phone bill, or telling you your e-mail account has been suspended? Be careful - somebody may want to push your buttons so you click on a malicious link. When in doubt, pick up the phone.
- No name in e-mail: Does the e-mail start with "Dear Customer" instead of your real name? Chances are the fraudster doesn't even know who this e-mail account belongs to. Don't click.
Example with explanation
