How To Identify Emails SPAM, Phishing, Fraud, Spoofing

    Some of our colleagues fell victim to a type of cyberattack called "phishing." Phishing attacks are designed to trick individuals into revealing sensitive information or clicking on malicious links, which can have serious consequences for our organization's data and your personal online safety. They're very similar to other attacks, like spoofing, spamming, fraud, and other ways of trying to trick the email's recipient.

    You can also learn how to report SPAM and Encrypt Emails, without ever involving the IT team!

    Below are some helpful tips to help you recognize potential phishing attacks:

Talking Points:

1. Phishing attacks aim to trick you into sharing sensitive information or clicking on harmful links.
2. Cybercriminals often impersonate trusted entities such as real estate partners, banks, online services, friends, family, or colleagues, to gain your trust.
3. Falling victim to a phishing attack can lead to data breaches, financial loss, and other negative consequences.
4. Hackers hack people, not technology. Sure, they're technically knowledgeable, but they are actually masters of the mind both theirs, and yours. 

Steps for a Critical Eye:

1. Examine the sender's email address:
2. Double-check the sender's email address to ensure it matches the expected contact.
3. Be cautious of slight misspellings or variations in domain names, as attackers may try to mimic legitimate addresses.

Look for red flags in the email content:

1. Beware of urgent or overly threatening language, as attackers often use fear to manipulate victims.
2. Check for grammatical errors, unusual phrasing, or poor formatting, which can indicate a phishing attempt.
3. Be cautious of requests for personal information or sensitive data. Legitimate organizations rarely ask for such details via email.

Hover before you click:

1. Before clicking on any links in an email, hover your mouse cursor over them to reveal the actual URL.
2. Ensure the displayed URL matches the expected destination. If it looks suspicious or unfamiliar, avoid clicking. For example, micrasoft.com vs. microsoft.com.

Avoid downloading attachments from unknown sources:

1. Be wary of email attachments from unfamiliar senders, especially if they prompt you to enable macros or run executable files.
2. If in doubt, contact the sender directly through a trusted method to confirm the legitimacy of the attachment.

Additional Tips:

1. Enable multi-factor authentication (MFA) for all your accounts whenever possible, adding an extra layer of security.
2. Regularly update your passwords, using a combination of letters, numbers, and symbols.
3. Be cautious when sharing personal or sensitive information online, even if the request seems legitimate.
4. Report suspicious emails or phishing attempts to our IT department immediately.

    If you suspect you fell victim to a phishing attempt, please report it to IT immediately by clicking the blue Barracuda button in Outlook. The focus here is to solve the issue ASAP without spreading/forwarding the content to others, even to verify.

    Stay safe and secure!