Phishing 101: Stay Safe, Stay Alert

Updated April 7, 2025

Phishing is a type of online scam that tricks people into giving away personal information or installing malware. Phishing can appear as emails, texts, social media messages, or phone calls.

How phishing works
Phishing works by tricking victims with fraudulent emails or messages that appear to come from trusted sources. These deceptive communications often persuade individuals to share sensitive information, typically through a fake but convincing website. In some cases, phishing also involves the installation of malware or ransomware on the victim’s device.

How to avoid phishing
Be cautious of any urgent calls to action or threats
Watch out for emails or Teams messages that urge you to act immediately—whether by clicking a link, making a call, or opening an attachment. These messages often threaten penalties or promise rewards to create a false sense of urgency. The goal is to rush you into action without giving you time to think or seek advice from a trusted source who could help spot the deception.

Tip: If you encounter a message demanding immediate action, take a moment to pause, and then examine it carefully. Does it seem legitimate? Slowing down can help you stay safe.

Be wary of any first-time, infrequent, or external senders
Messages from new or external contacts are common, but they warrant extra caution. Emails or Teams messages from unfamiliar senders—especially those marked as [External]—could be phishing attempts. Always verify the sender's identity and scrutinize the message before responding or taking any action.

Look out for spelling and grammatical errors
Reputable organizations usually uphold high standards in their communications. Noticeable spelling or grammar mistakes can be a red flag for a scam, often stemming from poor translations or deliberate efforts to evade spam filters.

Remain mindful of generic greetings
Trusted organizations will typically address you by name in their messages. Be cautious of generic greetings like 'Dear Sir/Madam,' as they may indicate a phishing attempt from someone impersonating your bank, a shopping site, or another entity.

Watch for mismatched email domains
If an email claims to be from a reputable company (e.g., Microsoft or your bank), but uses an unrelated sender domain (e.g., Gmail.com or microsoftsupport.ru), it’s likely fraudulent. Pay close attention to subtle domain misspellings, such as "micros0ft.com" (where a zero replaces the "o") or "rnicrosoft.com" (where an "r" and "n" replace the "m"). These tricks are common in scams.
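The domain checks described above can be automated. The following is an added example, not code from Dice or from the original article: it folds common visual substitutions (a zero for "o", "rn" for "m") back to their real characters, then compares the sender's domain against a constructed allow-list of trusted domains using an exact match, a brand-name-inside-unrelated-domain check, and a similarity ratio. The allow-list, the confusable map and the threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed allow-list: in practice, your own organisation's domains and the
# vendors it actually deals with.
TRUSTED_DOMAINS = ["microsoft.com", "dice.com", "paypal.com"]

# Visual substitutions seen in lookalike domains. Two-character keys come first
# so "rn" is folded to "m" before single characters are touched. This folding is
# used for comparison only; it is never applied to a domain you then connect to.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def normalize_domain(domain: str) -> str:
    """Lower-case the domain and undo the substitutions listed in CONFUSABLES."""
    d = domain.lower().strip()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def sender_domain(header_value: str) -> str:
    """Domain of the actual address in a From header, ignoring the display name."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS, threshold: float = 0.85):
    """
    Classify a sender domain as 'trusted', 'lookalike' or 'unrelated'.
    Returns (verdict, closest trusted domain).
    """
    d = domain.lower().strip()
    # Exact trusted domain, or a subdomain of one (mail.microsoft.com).
    for t in trusted:
        if d == t or d.endswith("." + t):
            return "trusted", t
    nd = normalize_domain(d)
    best, best_ratio = "", 0.0
    for t in trusted:
        brand = t.split(".")[0]
        # Same name once confusables are folded back (micros0ft.com, rnicrosoft.com),
        # or the brand name buried in an unrelated domain (microsoftsupport.ru).
        if nd == t or brand in nd:
            return "lookalike", t
        # Near-misses such as a dropped letter (microsft.com) are caught by similarity.
        ratio = SequenceMatcher(None, nd, t).ratio()
        if ratio > best_ratio:
            best, best_ratio = t, ratio
    if best_ratio >= threshold:
        return "lookalike", best
    return "unrelated", best


if __name__ == "__main__":
    for sample in ("microsoft.com", "micros0ft.com", "rnicrosoft.com",
                   "microsoftsupport.ru", "microsft.com", "gmail.com"):
        print(f"{sample:24} -> {classify_domain(sample)}")
```

A verdict of "lookalike" is a reason to stop and verify the sender through a channel you already trust; "unrelated" (for example a free webmail domain claiming to be your bank) deserves the same caution, which the page's rule about mismatched domains already covers.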

Pay attention to Outlook sender verification warnings
Outlook may show a banner warning that it couldn't verify the sender. This often occurs when email headers fail authentication or when the 'From' field is suspiciously formatted to mislead you. Handle these messages with care—they might not be from the claimed sender and could pose a security risk.

Be vigilant about suspicious links or unexpected attachments
If a message seems questionable or suspicious, refrain from clicking on links or opening attachments. Instead, hover your cursor over any links to check the actual web address. Compare it with what’s displayed in the message. If the URL looks unfamiliar or doesn’t match, it’s likely a scam. For example, a link may claim to lead to a company’s website but instead display a suspicious string of numbers when hovered over.

How to Spot a Suspicious or Spoofed Email
  1. Compare the Sender Name vs. the Email Address
    • Always check that the display name matches the actual email address. Fraudsters often spoof a familiar name with a mismatched or suspicious email address.
  2. Examine the Signature for Inconsistencies
    • Look for inconsistencies in the email signature. For example, a sender claiming to be from California but listing a Massachusetts area code may be a red flag.
  3. Review the Email Headers - Focus on the "Return-Path"
    • Examine the "Return-Path" line in the email header. It should align with the domain of the displayed sender. If it looks unrelated or unfamiliar, the email may be spoofed.
  4. Check the SPF (Sender Policy Framework) Results
    • In the email header, look for "RECEIVED-SPF." If it says Pass, the email likely came from a verified source. Fail or Softfail indicates the email may not be authorized by the sender’s domain.
  5. Review the DKIM and DMARC Authentication
    • If the sending organization uses DKIM and DMARC, the "AUTHENTICATION-RESULTS" section in the header will show whether the email passed validation. A Fail here means the email could be spoofed or manipulated.
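Steps 1, 3, 4 and 5 above can be run as a single script over the raw headers of a message. The code below is an added example, not code from Dice or from the original article. It uses Python's standard `email` package to read a constructed spoofed message and a constructed legitimate one (every domain, address and IP in them is made up), and reports a finding for each red flag: a display name that embeds a different address, a Return-Path domain that does not align with the From domain, a Received-SPF verdict other than pass, and DKIM or DMARC verdicts other than pass in Authentication-Results. Treating a Return-Path subdomain of the From domain as aligned is an assumption, since legitimate bulk senders often route bounces through one.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed raw message imitating a spoofed "Microsoft" notice. Every domain,
# address and IP address here is made up for this example.
SPOOFED_EMAIL = """\
Return-Path: <bounce@promo-bounces.example>
Received-SPF: softfail (receiver.example: transitioning domain of promo-bounces.example does not designate 203.0.113.7 as permitted sender)
Authentication-Results: receiver.example; spf=softfail smtp.mailfrom=promo-bounces.example; dkim=fail header.d=mailer-promo.example; dmarc=fail header.from=mailer-promo.example
From: "Microsoft Account Team <no-reply@microsoft.com>" <billing@mailer-promo.example>
To: user@receiver.example
Subject: Action required: your account will be closed

Sign in within 24 hours or your account will be closed.
"""

# Constructed message from a legitimate sender whose bounces go to a subdomain.
LEGIT_EMAIL = """\
Return-Path: <bounces@mail.example.org>
Received-SPF: pass (receiver.example: domain of mail.example.org designates 198.51.100.4 as permitted sender)
Authentication-Results: receiver.example; spf=pass smtp.mailfrom=mail.example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: Example Notifications <notify@example.org>
To: user@receiver.example
Subject: Your monthly statement is ready

Your statement is available on your account page.
"""


def domain_of(header_value: str) -> str:
    """Domain of the real address in a header value ('' if there is none)."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_auth_results(value: str) -> dict:
    """Map method -> verdict from an Authentication-Results header (RFC 8601 layout)."""
    results = {}
    for clause in value.split(";")[1:]:      # clause 0 is the authserv-id
        tokens = clause.split()
        if tokens and "=" in tokens[0]:
            method, verdict = tokens[0].split("=", 1)
            results[method.lower()] = verdict.lower()
    return results


def analyze_headers(raw: str) -> list:
    """Return human-readable findings; an empty list means no red flag was seen."""
    msg = message_from_string(raw)
    findings = []
    from_hdr = msg.get("From", "")
    display, _ = parseaddr(from_hdr)
    from_domain = domain_of(from_hdr)

    # Step 1: a display name that smuggles in an address at a different domain.
    embedded = re.search(r"@([\w.-]+)", display)
    if embedded and embedded.group(1).lower() != from_domain:
        findings.append(f"display name shows @{embedded.group(1)} but address is @{from_domain}")

    # Step 3: Return-Path should be the From domain or (assumption) a subdomain of it.
    rp_domain = domain_of(msg.get("Return-Path", ""))
    if rp_domain and rp_domain != from_domain and not rp_domain.endswith("." + from_domain):
        findings.append(f"Return-Path domain {rp_domain} does not align with From domain {from_domain}")

    # Step 4: the Received-SPF verdict is the first word of the header value.
    spf = msg.get("Received-SPF", "").split()
    if spf and spf[0].lower() != "pass":
        findings.append(f"SPF result is {spf[0].lower()}")

    # Step 5: DKIM and DMARC verdicts from Authentication-Results.
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    for method in ("dkim", "dmarc"):
        verdict = auth.get(method)
        if verdict is not None and verdict != "pass":
            findings.append(f"{method.upper()} result is {verdict}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, analyze_headers(raw) or ["no red flags"])
```

To use it on a real message, save the message with its full headers ("View message source" in Outlook) and pass the file contents to `analyze_headers`. Note that these headers are added by the receiving mail server, so results are only meaningful in messages your own server delivered; headers inside a forwarded message can themselves be forged.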

What to do if you think you’ve been phished

If you think you’ve been phished, here are some steps you can take:

  1. Document as many details of the attack as you can remember. Include any information you may have shared, such as usernames, account numbers, or passwords, as well as where the attack occurred—whether in Teams, Outlook, or another platform.
  2. Change your passwords immediately on all affected accounts, and anywhere else you might use the same password.
  3. Enable Multi-Factor Authentication for every account possible. MFA adds an extra layer of security by requiring a second step to verify your identity, such as a code sent to your phone or email, and it significantly reduces the chances of unauthorized access to your accounts compared to using just a password. We recommend choosing SMS, as it is generally more secure than email. For more information on enrolling, view this article.
  4. Notify the organization or service impersonated to alert them and confirm the legitimacy of the communication. You should also notify IT support and/or cybersecurity at your company.
    1. If you did share information about your credit cards or bank accounts, you may want to also contact those organizations to alert them to possible fraud.
  5. Monitor your accounts for unauthorized transactions or changes and report suspicious activity promptly.
  6. Report the phishing attempt to authorities or organizations, such as the Federal Trade Commission (FTC) at ReportFraud.ftc.gov, or the Anti-Phishing Working Group (APWG) at reportphishing@apwg.org.

Phishing attacks can be deceptive and damaging, but with vigilance and the right steps, you can protect yourself and respond effectively if targeted. By understanding how phishing works, recognizing the warning signs, and knowing what actions to take, you can stay one step ahead of cybercriminals. Remember, when it comes to online safety, caution and awareness are your best defenses.


Questions? Issues? Contact Dice Compliance anytime by emailing compliance@dice.com.

Prefer to talk on the phone? Call us Monday-Friday, 8am to 5pm CST at 888-321-3423.