The email you just clicked on was sent on behalf of your IT department as part of a cybersecurity consulting engagement performed by CapinTech. This email was safe. But if it had been a real phishing email, the hackers could have caused harm.
Why You Are Receiving This
Your organization has made it a priority to protect its data from hackers. Phishing emails are a very common cybersecurity threat, and phishing attacks have become increasingly sophisticated. Phishing simulations like this one are an effective way to help equip you with the tools and practice to identify phishing scams so that you don’t fall victim to a real one.
All it takes is one click! Here are some tips to help you identify a phishing email:
Watch for These Warning Signs
- Generic greetings – Phishing emails often use generic greetings like “Dear user” or “Dear customer.” Legitimate organizations will typically address you by name.
- Urgent language – Does the email have a sense of urgency? Be cautious of urgent deadlines or emails that ask you to act quickly. Hackers often try to create panic and apply pressure to get you to act without thinking. Phishing messages may indicate that your account will be suspended, fraudulent activity has been detected, or data will be deleted if you don’t act quickly. If you’re in doubt, contact your IT department.
- Misspellings and poor grammar – While tools like artificial intelligence are helping hackers write better emails, misspellings and poor grammar can still be a sign of a phishing email.
- Unavailability – Is the person who supposedly sent the message unavailable to talk? The message might say that they are tied up in a meeting or out of the office. Hackers often use this tactic when writing emails meant to look like they are sent by members of the organization’s management or leadership team. They couple this with an urgent request so you feel pressured to respond right away, without going through the proper verification channels.
- Hackers use phishing to gain information or deliver malware to your computer. Watch out for emails that ask you to take actions like these:
  - Click a link or provide your user ID and password
  - Conduct a monetary transaction
  - Update payment information you may have on record for a vendor or other party
- Do not click on links in emails unless you are certain of the source. If you are in doubt, contact the person who sent the email to confirm its authenticity. Always contact this individual at the phone number you have on file for them. If the email looks like it’s from a company, contact them by using the phone number, email address, or contact form found on their website. Don’t use contact details provided in the email as they could be fake numbers that will put you in touch with the hackers!
- Access the site directly instead of clicking links in the email. Links can be masked, and a link can look legitimate but take you to a fraudulent site. If you’re careful, you can hover over the link without clicking to see the true origin and where it’s taking you.
- Remember: your IT department and legitimate organizations will never ask you to disclose your password. If you are asked to disclose your password over the phone or via email, contact your IT department directly.
Thank you for helping to keep your organization’s data safe!