Part 1: Spotting Phishing Emails

Before interacting with any unexpected email, run through these five checks:

  • [ ] The Sender Check: Does the "From" address match the person’s name exactly? (Look for typos like g00gle.com instead of google.com).

  • [ ] The Link Hover: If you hover your mouse over a link, does the URL in the bottom corner of your screen match where the email says it's going?

  • [ ] The Urgency Test: Is the email using "scare tactics" or extreme pressure to make you act quickly?

  • [ ] The Attachment Rule: Were you expecting this file? If it’s a .zip, .exe, or an unexpected Office doc, do not open it.

  • [ ] The "Too Good to Be True" Factor: Does it offer an unexpected prize, a sudden "bonus," or ask for your password to "verify" your identity?


? Common Phishing Tactics

  • The "Account Issue" Hook:

    • The Tactic: You receive an email saying there is "unusual activity" on your account or your "password has expired."

    • The Goal: To get you to click a link and enter your real password on a fake login page.

  • The "Executive Impersonation" (Whaling):

    • The Tactic: An email that looks like it’s from a CEO or Manager asking for a "quick favor," like buying gift cards for a client or transferring funds.

    • The Goal: To use the authority of a boss to bypass normal security procedures.

  • The "Missing Invoice" or "Shipping Update":

    • The Tactic: An email with an attachment labeled Invoice_9921.pdf or a link to "track your missed package."

    • The Goal: To get you to open a file that installs malware or a "keylogger" (which records everything you type).

  • The "Social Media Alert":

    • The Tactic: A notification claiming someone tagged you in a photo or sent you a private message.

    • The Goal: To exploit your curiosity and lead you to a site that steals your social media login.


☣️

Part 2:Malware Warning Signs

If your device starts doing any of the following, stop what you are doing:

  • Performance: Drastic slowdowns or "freezing."

  • Pop-ups: Random ads or fake "Virus Detected" warnings appearing on your desktop.

  • Battery/Fan: The device is getting hot or the battery is draining for no apparent reason.

  • Access: You are suddenly locked out of folders or files.


What to Do If You Suspect a Threat

  1. Stop: Do not click any links, download attachments, or enter any credentials.

  2. Verify: If the email claims to be from a colleague or a known brand, contact them through a separate, known-good channel (like a phone call or a new email you draft yourself).

  3. Report: Use the "Report Phishing" button in your email client or forward the email to the Information Technology Department.

  4. Disconnect: If you suspect malware has already been installed, disconnect from the Wi-Fi immediately to prevent the spread and alert IT.


☣️ Common Malware Delivery Tactics

  • Macro Malware: You open an Excel or Word doc that asks you to "Enable Content." Once you click that button, a hidden script (malware) runs in the background.

  • Drive-by Downloads: You visit a website—sometimes even a legitimate one that has been hacked—and malware starts downloading automatically without you clicking anything.

  • Software Updates: A pop-up appears while you're browsing that says "Your Chrome is out of date" or "Flash Player required." Clicking "Update" installs a virus instead.