1 What is Phishing?
Phishing is when attackers pretend to be someone you trust to trick you into giving up passwords, money, or access to your accounts.
- 91% of cyber attacks start with a phishing email
- Attackers impersonate banks, employers, delivery services, and tech companies
- Goal: steal credentials, install malware, or trick you into sending money
- Phishing happens via email, text (smishing), phone calls (vishing), and social media
2 Red Flags in Emails
Phishing emails often have telltale signs that give them away. Train yourself to spot these before clicking anything.
Watch For These Red Flags
- Urgent language: "Your account will be suspended!" "Act now!"
- Sender address doesn't match the company (e.g., "support@amaz0n-security.com")
- Generic greetings: "Dear Customer" instead of your name
- Poor grammar and spelling mistakes
- Requests for passwords, SSN, or payment info via email
- Links that don't go where they say (hover to check)
- Unexpected attachments, especially .zip, .exe, or Office files with macros
3 How to Verify Suspicious Emails
When something feels off, take a moment to verify before taking action.
- Don't click links in the email - go directly to the company's website
- Call the company using a number from their official website (not the email)
- Check the sender's full email address, not just the display name
- If it's "from" a coworker, verify via Slack, Teams, or phone
- When in doubt, ask your IT team or a security-savvy colleague
4 Spear Phishing: Targeted Attacks
Spear phishing targets specific individuals using personal information to make the attack more convincing.
- Attackers research you on LinkedIn, social media, and company websites
- They may impersonate your boss, HR, or a vendor you work with
- "Business Email Compromise" (BEC) costs companies billions yearly
- Always verify wire transfers and payment changes by phone
5 Smishing and Vishing
Phishing isn't just email. Text messages and phone calls are increasingly common attack vectors.
- Smishing (SMS phishing): Fake delivery notifications, bank alerts, or prize claims via text
- Vishing (voice phishing): Calls claiming to be from the IRS, tech support, or your bank
- Never give sensitive info to someone who called you - hang up and call back on an official number
- Real companies won't ask for passwords or gift card payments over the phone
6 What to Do If You Clicked
If you think you fell for a phishing attack, act quickly to minimize damage.
- Immediately change your password for the affected account
- Enable 2FA if you haven't already
- Check for unauthorized activity (logins, transactions, sent emails)
- Report the incident to your IT team or security contact
- If you entered financial info, contact your bank immediately
- Run a malware scan if you downloaded an attachment