Always follow your organization's official security guidelines when reporting suspicious emails.

What is Phishing?

Phishing is a form of fraud and an attack (e.g. email, voice, text, instant message) that tries to get you to provide sensitive information (e.g. login credentials, password), click an link, or open an attachment in order to gain system access, monetary benefits, steal information, or otherwise cause harm to you or your organization.

There are many types of phishing attacks, so always stay alert and report any suspicious emails or messages you receive.

Elements of Phishing attacks

The following elements are often found in phishing attacks:

• A sense of urgency
• A required action (e.g. clicking on a link, opening an attachment, sending information)
• Appealing to curiosity, or threatening
• Unexpected sender or topic

What should I do if I receive a phishing email?

If you receive and email like this, especially from someone from your organization, please stop for a moment before clicking links or opening attachments.

Verify the sender has actually sent you a valid email by contacting them outside of email or instant messaging.

If an email account has been compromised, verifying the sender's identity by sending an email or an instant message (Skype, Slack) is not a safe option.

Always try to get a face to face or over the phone confirmation.

Report the email with the Hoxhunt button, read more here: Reporting Suspicious Emails (Phishing or Spam)

Read more about the origins of phishing and spam as well as how to tell the difference between the two: Phishing v Spam - What is the difference?

Always follow your organization's official security guidelines when reporting suspicious emails.