Take time to remind your end users on what to look for in phishing attempts!
Here are a few quick reminders to pass along:
- Phishing attacks can look like legitimate messages and even come from email addressed from inside the organization
- Text messages, QR codes, social media posts/messages, phone calls can all be methods used phishing
- Phishing campaigns can be designed to make users think that action is required for an online account, such as Office365 accounts
- After clicking on the email link, users are taken to a convincing log-in screen
- Once the user enters their sensitive information, the hacker has everything they need
- Corporations, such as Microsoft or Google, will NEVER ask for sensitive account or payment information in an email
- Never open attachments directly from an email message (save them and scan them with an anti-virus application)
- Beware of clicking on links within emails
- If your bank emails you asking for account updates and includes a link to log into your account, go directly to the bank’s website and login as opposed to following the link in the email
- When in doubt, contact your IT Department
Make sure end users know how to contact the IT Department and have contact information posted and easy to find!