How to educate your team and avoid embarrassment
What is Phishing?
Email phishing is when someone pretends to be someone they’re not in a misleading email. A common example is a message that appears to come from your CEO asking you to send her money via iTunes gift cards or a wire transfer.
So what should I look out for?
- A message seemingly from your CEO requesting money
- A message from someone you know sent from an unfamiliar or suspicious domain (e.g. FirstName_LastName@xyzyourdomain.com)
- A well-branded email from a provider (e.g. Dropbox or Microsoft) telling you to click a link to reset a password.
- Unusually poor grammar.
What if I clicked anyway?
- The bad guys don’t have anything until you fill out the info. They’re just leading you to their portal, which, by use of wasted talent, could be very difficult to recognize as an imposter.
- Send the email to your IT Provider and explain everything.
What if I clicked anyway and filled out the info?
- Contact your IT Provider immediately. If acted on quickly enough, there’s a tiny chance they can change your password or even put a stop to the nefarious actions.
How do I protect myself?
- If you get a request to pay any dollar amount over email, call your colleague to verify.
- Double-check the sending address. It’s unlikely your CEO would send you an urgent message from an @aol, @outlook, @gmail or @xyz<YourDomain> address.
- Microsoft rarely sends suspicious login attempt notices to people who aren’t IT admins. Even if it looks real, reach out to your IT Support Specialist.
- If you see anything suspicious, contact your IT Provider. They can verify the sending address or links associated with the message.
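For IT staff who want to automate the "double-check the sending address" step, here is an added example (not part of the original article) that flags the two sender patterns listed above. The domain yourdomain.com, the executive name and the sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Assumptions for this example, not taken from a real organisation:
ORG_DOMAIN = "yourdomain.com"                       # placeholder for your real domain
FREEMAIL = {"aol.com", "outlook.com", "gmail.com"}  # providers named in the list above
VIP_NAMES = {"jane doe"}                            # constructed executive display name


def classify_sender(from_header: str) -> list[str]:
    """Return the reasons a From header looks suspicious (empty list = no flag)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.rpartition("@")[2].lower().rstrip(".")

    # Exact match or a true subdomain of the organisation: nothing to flag here.
    if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        return []

    reasons = []
    name = " ".join(display.lower().split())  # normalise case and spacing
    if domain in FREEMAIL and name in VIP_NAMES:
        reasons.append("executive display name on a free-mail domain")

    # Look-alike: the organisation's name embedded in a different domain,
    # e.g. xyzyourdomain.com instead of yourdomain.com.
    org_label = ORG_DOMAIN.split(".")[0]
    if org_label in domain:
        reasons.append("look-alike of the organisation's domain")
    return reasons


if __name__ == "__main__":
    # Constructed sample From headers.
    samples = [
        "Jane Doe <jane.doe@gmail.com>",
        "Jane Doe <Jane_Doe@xyzyourdomain.com>",
        "Jane Doe <jane.doe@yourdomain.com>",
        "A Customer <someone@gmail.com>",
    ]
    for header in samples:
        print(header, "->", classify_sender(header) or "no flag")
```

An empty result only means the visible address passed these two checks; a From header showing your own domain can still be forged, so the phone call to verify payment requests still applies.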