Take time to remind your end users on what to look for in phishing attempts!

Here are a few quick reminders to pass along:

  • Phishing attacks can look like legitimate messages and even come from email addressed from inside the organization
  • Text messages, QR codes, social media posts/messages, phone calls can all be methods used phishing
  • Phishing campaigns can be designed to make users think that action is required for an online account, such as Office365 accounts
    • After clicking on the email link, users are taken to a convincing log-in screen
    • Once the user enters their sensitive information, the hacker has everything they need
  • Corporations, such as Microsoft or Google, will NEVER ask for sensitive account or payment information in an email
  • Never open attachments directly from an email message (save them and scan them with an anti-virus application)
  • Beware of clicking on links within emails
    • If your bank emails you asking for account updates and includes a link to log into your account, go directly to the bank’s website and login as opposed to following the link in the email
  • When in doubt, contact your IT Department

Make sure end users know how to contact the IT Department and have contact information posted and easy to find!