If you don't recognize the senderIf you don't recognize the sender or subject of the message you should be suspicious. If the message contains attachments or links, do not click on any of them. They may load harmful malware on your computer or compromise your username and password. If you recognize the senderIf you do recognize the sender, but are still suspicious, contact the sender and ask if the message is legitimate. Don't click on any links if you're suspicious. When in doubtIf you're just not sure, simply delete the message. You can also report the message using the PhishAlarm Outlook plug-in. | Tip |
|---|
| title | Use the PhishAlarm Outlook plug-in to report phishing emails |
|---|
| The PhishAlarm Outlook plug-in lets you report phishing emails and delete them in one click. Why should you use this instead of forwarding these to these to the helpdesk? Potentially dangerous emails should never be forwarded, not even to the helpdesk. This increases the chances of someone accidentally clicking on a malicious link or opening a malicious attachment. |
What does a phishing message look like?Here is an example of what a phishing scam in an email message might look like. 
Spelling and bad grammar – Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself. Beware of links and attachments in email – If you see a link or attachment in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.
Links might also lead you to .exe files. These kinds of file are known to spread malicious software. Threats – Have you ever received a threat that your account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts. Spoofing popular websites or companies – Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. For more information, see Avoid scams that use the Microsoft name fraudulently. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered. For more information, see Protect yourself from cybersquatting and fake web addresses.
Reporting spam/phishing emailsWhile simply deleting phishy emails is the best way to deal with them, you may also report them using the PhishAlarm plug-in for Outlook. You can report and delete potentially phishy email with two clicks. | Note |
|---|
Please do not forward potential phishing emails to the helpdesk. Using the plugin is the best way to report them. |
How do I get more training, so I can be better prepared against phishing emails and ransomeware?PATH provides cybersecurity training to all PATH staff. There are three training modules which teach you about creating secure passwords, malicious emails, and ransomware threats. You can find the training modules in work.path.org, under Wombat Security Technologies Image Removed
| 