Knowledge

1. Look Closely at the Sender’s Email Address

• Check for Mismatched Domains: Be cautious if the email appears to be from a trusted contact or organization but is sent from a suspicious or unrelated domain. For instance, an email from what looks like your bank but with a domain ending in @gmail.com or a slight misspelling of the domain (@citibankk.com instead of @citibank.com) is a red flag.
• Spoofed Addresses: Some scammers use email addresses that look legitimate but slightly alter letters or add extra characters. Always take a moment to examine the sender’s email address carefully.

2. Watch for Unusual Greetings and Language

• Generic Greetings: Spam emails often use generic salutations like "Dear Customer" instead of your name. Trusted senders, especially within your organization, will generally use your name.
• Poor Grammar and Spelling Errors: Phishing emails often contain obvious grammar mistakes or awkward language. This can be due to translation or a lack of professionalism from the sender.

3. Hover Over Links Before Clicking

• Suspicious URLs: Hover over any links (without clicking) to see the full URL. If the link leads to an unfamiliar or misspelled domain, it could be a trap. Instead of clicking, type trusted website URLs directly into your browser.
• Embedded Attachments: Avoid downloading attachments from unknown sources, as these can contain malware. When in doubt, confirm with the sender before opening any attachments.

4. Be Wary of Urgent Requests or Threats

• Urgency and Pressure: Phishing emails often create a false sense of urgency or panic, saying things like "Your account will be locked" or "Immediate action required." Remember, legitimate companies typically don’t communicate this way; you can reach out directly to verify the request.
• Unusual Payment or Personal Information Requests: Emails requesting financial information, passwords, or sensitive company data are usually phishing attempts. No reputable organization will ask for such information over email.

5. Look Out for Odd Email Formatting

• Inconsistent Fonts and Layouts: Phishing emails often have inconsistent formatting—such as different font sizes or colors—which can be an indicator of a quickly thrown-together scam email.
• Off-Brand Logos or Images: Watch for low-quality logos or images that don’t match official branding, as scammers may use poorly replicated company logos.

Steps to Take When You Suspect an Email is Spam or Phishing

If you receive a suspicious email:

1. Do Not Click on Any Links or Open Attachments.
2. Report the Email to IT Security: Forward the email to our IT support team, who can verify its authenticity and block similar emails.
3. Delete the Email After Reporting. Once the email is reported, delete it from your inbox and empty your trash folder.

Improving Awareness Through Regular Training

Understanding the tactics used by spammers and cybercriminals is key to avoiding email-based attacks. As part of our commitment to cybersecurity, we encourage all team members to participate in our regular security awareness training. By staying informed and cautious, each of us can help protect our company from data breaches and other cyber threats.

Remember: When in Doubt, Reach Out!

If you’re unsure about an email, it’s always better to double-check with IT rather than risk a potential phishing attack. Your vigilance plays a critical role in safeguarding our information and systems.

Stay safe, and thank you for helping us protect our digital workplace!