Learn how to indentify a phishing scam
Phishing scams are a type of cyberattack where attackers impersonate trusted organizations or individuals in order
to trick users into revealing sensitive information such as usernames, passwords, financial details, or personal data.
These attacks are commonly delivered through email, text messages, or fake websites that closely resemble legitimate services.
The goal of this module is to help users recognize phishing attempts and respond appropriately to protect themselves and their
organization.
Identifying Phishing Attempts
Phishing attempts often rely on urgency, fear, or curiosity to manipulate users into acting quickly without thinking. Common
warning signs include messages that pressure you to take immediate action, suspicious or slightly altered email addresses,
and unexpected requests for personal or login information. Users should also be cautious of links that appear legitimate but
redirect to unfamiliar websites, as well as messages containing poor grammar, generic greetings, or unprofessional formatting.
Attachments or downloads that were not requested should always be treated as potentially dangerous.
Responding to Phishing Emails or Messages
If a phishing attempt is suspected, users should avoid clicking on any links or opening attachments contained in the message.
It is important to verify the sender’s identity through official communication channels rather than replying directly.
Suspicious messages should be reported to the appropriate IT or security team to help prevent further attacks. After reporting,
the message should be deleted. If any sensitive information was accidentally shared, users should immediately change their credentials
and notify support for further assistance.
Preventing Phishing Attacks
Preventing phishing attacks requires consistent awareness and safe online behavior. Users should carefully inspect email addresses and
website URLs before interacting with any content. Enabling multi-factor authentication adds an additional layer of protection to important
accounts. It is also important to avoid responding to messages that create urgency or emotional pressure without verification. Whenever
possible, users should access services directly through official websites rather than clicking on embedded links in messages. Regular
cybersecurity awareness training helps reinforce these habits and reduce risk over time.
Phishing attacks are designed to exploit human behavior rather than technical weaknesses. By staying alert, verifying information, and
following safe communication practices, users can significantly reduce the risk of falling victim to these types of attacks.