What is a phishing attack?

Don’t be the one to take the bait

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

Email RED flags:

  • Sense of urgency or threatening language.
  • Unfamiliar or unusual senders or recipients.
  • Spelling or grammar errors.
  • Request for money or personal information.
  • Call to action, such as clicking a link or downloading an attachment.

Moreover, phishing is often used to gain a foothold in governmental networks. Phishing emails are increasingly sophisticated and hard to detect. They may appear to be from people or organizations you know and trust. They may even contain information from previous email threads so that the message appears to be part of a continuing conversation. Always think before you click.

If you are unsure about an email or text you’ve received, there are additional measures you can take to inspect it closely:

  • Hover over any email links to display the preview URL. (See example below)
  • If the URL is from an unfamiliar or suspicious domain, don’t click on it.
  • Independently navigate to the website of the organization in question to confirm any information provided in the text/email.

 

Not sure what to do with the suspicious email?

Do not forward the email. Instead, save it and then attach it to an email addressed to your agency’s IT security staff.

Details

Article ID: 3924
Created: Mon 3/7/22 8:17 AM
Modified: Mon 3/7/22 8:35 AM