Phishing (Pronounced ‘fishing’)

Phishing is a cybercrime where someone—usually pretending to be a trusted source—tries to trick you into giving up sensitive information like your login credentials, financial details, or personal data. Their goal? To use that information for their own gain, often at your expense.

Phishing attempts can come through:

Email
Text messages (SMS)
Phone calls
Messaging apps or social media

🎯 Common Phishing Tactics

Fake login pages: You’re asked to click a link and enter your credentials or credit card info.
Impersonation of IT or support staff: You’re told to “verify” your username or password.⚠️ Reminder: IT will never ask for your password.
Malicious attachments: You receive a file with an urgent or intriguing title. Opening it installs malware that can record your keystrokes and steal your data.

✅ Quick Questions to Spot a Phish

Ask yourself:

Was I expecting this?
If it’s about a password reset, invoice, delivery, or travel confirmation you weren’t expecting—don’t open it.
Does the sender look legit?
Check the email address carefully. Is it someone you know or a verified business? Look for misspellings or odd domains.
Does the tone feel off?
If a coworker’s message seems strange or overly urgent, it might be spoofed. Call them to confirm.
Is it demanding immediate action?
Be wary of messages that pressure you to act now. Phishers often use urgency to bypass your judgment.
Are there links or attachments?
- Don’t click unless you’re sure it’s safe.
- Hover over links to preview the destination. Does it match the text? Is it a trusted site?
- Type URLs manually when in doubt.
Is it asking for sensitive info?
If it requests passwords, credit card numbers, or personal data—stop and verify independently.

🆘 What to Do If You’re Unsure

Don’t respond.
Don’t click.
Don’t open attachments.
Forward the message to your Help Desk or IT team.
Delete it from your Inbox and Deleted Items.

Your awareness is the first line of defense. Stay alert, stay safe!