Always follow your organisation's official security guidelines when reporting suspicious emails.
What is Phishing?
Phishing is a form of fraud and an attack (e.g. email, voice, text, instant message) that tries to get you to provide sensitive information (e.g. login credentials, password), click an link, or open an attachment in order to gain system access, monetary benefits, steal information, or otherwise cause harm to you or your organisation.
There are many types of phishing attacks, so always stay alert and report any suspicious emails or messages you receive.
Elements of Phishing attacks
The following elements are often found in phishing attacks:
- A sense of urgency
- A required action (e.g. clicking on a link, opening an attachment, sending information)
- Appealing to curiosity, or threatening
- Unexpected sender or topic
If you receive and email like this, especially from someone from your organisation, please stop for a moment before clicking links or opening attachments. Verify the sender has actually sent you a valid email by contacting them outside of email or instant messaging.
If an email account has been compromised, verifying the sender's identity by sending an email or an instant message (Skype, Slack) is not a safe option. Always seek for a face to face or over the phone confirmation.
Always follow your organisation's official security guidelines when reporting suspicious emails.