How to recognize a phishing scam/email
Phishing is a type of social engineering in which an attacker sends a fraudulent message designed to trick a person into revealing sensitive information or into deploying malicious software, such as ransomware, on the victim's infrastructure. Some examples include the Fake Invoice, Email Account Upgrade, Advance-Fee Scam or the Google Docs Scam.
Here’s an example of what a phishing email may look like.
How to avoid being phished
There are a number of ways to avoid being a victim of a phishing email. Here are several tips that can help keep your money safe.
Keep informed about new techniques.
By finding out about new phishing techniques as soon as possible, you will be much less likely to be taken in by one. Ongoing security awareness training is highly recommended.
Think before you click.
Never click on links that appear in random emails or instant messages. Hover over links you are unsure of before clicking on them to see where they lead. If the email does not contain your name and/or starts with “Dear Customer,” it’s best to report it to your IT department before clicking ANY link. If you must follow up, go directly to the source of the email rather than clicking on a potentially dangerous link.
Be wary of pop-ups.
Pop-up windows often masquerade as legitimate components of a website. Often, though, they are phishing attempts. If one slips through your firewall, don’t click the “cancel” button as it could lead to a phishing site. Instead, click the small “x” in the upper corner of the window.