Cybercriminals Are Always Phishing

But You Don’t Have to Get Caught

Note: October is National Cyber Security Awareness Month

Phishing is when attackers use fake emails, social media posts, or direct messages to trick you into clicking on harmful links or downloading malicious attachments.  One wrong click can hand over your personal info to cybercriminals or infect your device with malware.

But don’t let your inbox scare you!  Once you know what to look for, avoiding phishing scams is easier than you think.  With a little awareness, you can outsmart phishers every time.

Spot it, don’t click it!
Phishing emails can be sneaky, but once you know the signs, you’ll be able to spot them quickly.   Before clicking any links or downloading attachments, take a few seconds to ensure the email looks legitimate.  Here are some quick tips for identifying a phishing email:

  • Does it offer something that seems too good to be true?
  • Does it use urgent, alarming, or threatening language?
  • Is the email full of spelling or grammatical mistakes?
  • Is the greeting vague or overly generic?
  • Does it ask for personal information?
  • Does it urge you to click on unfamiliar links or open unexpected attachments?
  • Is there an odd or sudden business request?
  • Does the sender’s email address match the company name?  Watch for slight misspellings like “pavpal.com” or “anazon.com.”

I’ve spotted a phishing email—now what?
First, relax!  You’ve already done the hardest part by recognizing the email as a phishing attempt.

If you received the email at work, report it to your IT department or security officer immediately.

If it’s in your personal inbox, don’t click on any links (including unsubscribe) or reply to the email.   Just delete it.   Remember: Don’t click, just delete.

For extra protection, you can block the sender’s address in your email settings.  Here’s how to block a sender on popular platforms:

Report phishing
Many email platforms also let you report phishing attempts.  If you suspect an email is phishing for your information, report it as soon as possible.   If the email was sent to your work account, let your IT team know right away.

Here’s how to report phishing on popular platforms:

You can also report phishing attempts to the Federal Trade Commission.