Skip to main content
Planned Outage - Impacting Mexico, Honduras and Costa Rica - Scheduled for 12/12/25 2:30am MPST Click here for further info
Sign in Menu

Recognizing and Reporting Phishing Attempts

Greg Ellis

Overview

Phishing is a type of cyberattack where attackers attempt to trick you into revealing sensitive information such as passwords, financial details, or company data by impersonating trustworthy entities. This article helps employees identify phishing attempts and explains steps to take if you encounter suspicious communications.

What is Phishing?

Phishing emails or messages often:

  • Appear to come from a familiar or trusted source (e.g., your bank, a colleague, or company leadership).
  • Contain urgent requests to take action, such as clicking a link, opening an attachment, or providing login credentials.
  • Use deceptive email addresses, links, or unexpected attachments.
  • Have poor spelling or grammar, or vague language.

How to Identify Phishing Attempts

Look out for these red flags:

  • Unexpected messages: Emails from unknown senders or unexpected messages from known contacts.
  • Suspicious links: Hover over links to see the actual URL—if it doesn’t match the displayed text or looks unusual, do not click.
  • Requests for sensitive information: Legitimate organizations typically do not ask for passwords, social security numbers, or payment details via email.
  • Generic greetings: e.g., "Dear Customer" instead of your name.
  • Attachments: Unexpected or suspicious attachments, especially .exe, .zip, or unfamiliar file types.
  • Sense of urgency or threats: Messages pressuring you to act immediately to avoid penalties or loss.

What to Do If You Suspect a Phishing Attempt

  1. Do Not Click Any Links or Open Attachments.
  2. Do Not Reply to the Message.
  3. Verify the Sender: Contact the sender through a known and trusted communication channel to confirm authenticity.
  4. Report the Phishing Attempt:
    • Forward the suspicious email to phishing@company.com (do not change the subject line).
    • Use your email client’s “Report Phishing” feature if available.
  5. Delete the Message after reporting.

If You Clicked a Suspicious Link or Provided Information

  • Immediately disconnect your device from the network.
  • Do not enter any further information.
  • Report the incident to IT Security immediately:
  • Change your company passwords from a secure device.
  • Monitor your accounts for unusual activity.

Preventive Measures

  • Keep software and antivirus programs updated.
  • Use multi-factor authentication (MFA) wherever possible.
  • Regularly attend company security awareness training.
  • Be cautious with emails requesting urgent action or confidential info.

Additional Resources

Article Feedback:
Was this article helpful? [Yes] [No]
Your input helps us improve our security awareness resources.

This article is maintained by the IT Security Department and reviewed bi-annually.

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk