Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, sends a fraudulent message designed to trick a person into revealing sensitive information or into installing malicious software, such as ransomware, on their device.
Phishing emails come in many forms. We’ve focused on emails in this article, but you might also get scam text messages, phone calls or social media posts.
Identifying a Suspicious Email or Message
- Do you trust the person or organization the email was sent from? Take the time to verify the sender and message authenticity through separate email or phone communications. Do not directly reply to the suspicious message. Valid, trusted business email accounts can be compromised and used to send out phishing messages to unsuspecting customers.
  - If the answer is "No," then delete the email.
- Does the sender's email have a misspelled domain name, or does a link have a misspelled domain name or look suspicious?
  - If the answer is "Yes," it is most likely a phishing attempt.
- Does the email have an attachment?
  - If the answer is "Yes":
    - Only open attachments from senders you trust.
    - Were you expecting the attachment?
    - Is the attachment password protected?
    - Always be cautious when deciding whether to open email attachments.
- Does the email have grammatical or spelling errors?
  - If the answer is "Yes," that is often a key indicator that the email is suspicious.
- Does the email or message try to create a sense of urgency? Never provide login credentials or any sensitive information in a form linked from a suspicious or unexpected message. Threat actors use valid Microsoft and Google forms to collect your information.
  - The more urgent the message or email, the more likely the sender is trying to scare you into clicking or opening something you should not.
Pay attention to the sender's email address. A legitimate business or organizational message will not be sent from an individual Gmail address, for example.
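For mail administrators who want to apply the same checks automatically, the following is an added example (not part of the original article) that runs the sender-domain, link-domain, attachment, webmail-sender and urgency checks over a raw message. The domain lists, the urgency phrases, the edit-distance threshold of 2, the use of the last two host labels as the registrable domain, and all function names are assumptions made for illustration; it reads plain-text bodies only.

```python
import re
from email import message_from_string, utils
from urllib.parse import urlsplit

# Assumed lists for this example; substitute your organization's own.
TRUSTED_DOMAINS = {"example.com"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|final notice)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(host):
    """Return the trusted domain that host imitates, or None."""
    base = ".".join(host.lower().rstrip(".").split(".")[-2:])  # approximates registrable domain
    near = (d for d in sorted(TRUSTED_DOMAINS) if edit_distance(base, d) <= 2)
    return None if base in TRUSTED_DOMAINS else next(near, None)

def checklist(raw):
    """Apply the checks above to a raw message; return (check, detail) findings."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    text = " ".join(str(p.get_payload()) for p in parts if not p.get_filename())
    domain = utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if lookalike(domain):
        findings.append(("misspelled sender domain", f"{domain} ~ {lookalike(domain)}"))
    if domain in FREEMAIL_DOMAINS:
        findings.append(("personal webmail sender", domain))
    hosts = sorted({urlsplit(u).hostname or "" for u in URL.findall(text)})
    findings += [("misspelled link domain", h) for h in hosts if lookalike(h)]
    findings += [("attachment", p.get_filename()) for p in parts if p.get_filename()]
    if URGENCY.search(f"{msg.get('Subject', '')} {text}"):
        findings.append(("urgent language", "verify through a separate channel"))
    return findings

# Constructed sample message, not a real email.
SAMPLE = ("From: IT Support <helpdesk@examp1e.com>\nSubject: URGENT: mailbox will be suspended\n\n"
          "Confirm your password within 24 hours: https://login.exarnple.com/verify\n")
```

An empty result from `checklist(SAMPLE)`-style screening does not mean a message is safe; a compromised trusted account passes every one of these checks, which is why the first item above asks you to verify through a separate channel.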
Reporting Phishing (Outlook)
If you want to report a suspicious email and you are using Outlook:
- Select the suspicious email in your Outlook inbox. Do not click on any links or open attachments within the email.
- Find the "Report" button on the toolbar. This button may be labeled as "Report" or have a security shield icon.
- Click the "Report" button to reveal a dropdown menu.
- Choose "Report phishing" from the menu.
- Confirm the action if prompted.
The email will then be moved to your Junk folder and removed from your inbox.