Phished and spoofed email messages are designed to trick you into clicking on a malicious link or attachment or revealing private information and passwords.
The messages appear to be from known senders. Senders can spoof their email address to trick you into thinking the email was sent from someone you know or a brand or vendor you commonly work with.
Phishing emails often bypass the spam filter because the body of the message does not contain malicious software and the sending address is a valid email address.
Enter your email or any password when directed by an email link or attachment. Be cautious of document sharing links such as:
You should never need to enter your email password to access data that is shared with you. This is the most common way for a hacker to get access to your mailbox. Always VERIFY the document shared is valid by phone not by email.
Click on the links or attachments if the email is not requested or explicitly expected regardless of the sender. Always VERIFY BY PHONE, not by email. The hacker is on the other side of your reply.
Click on links or attachments from emails with scare tactics or statements of urgency.
Click on links or attachments from ANY vendor or prompt for a software update. Organizations commonly used include:
Go to a browser and manually navigate to the desired website, log in and confirm the information. For shipping tracking, go directly to the site and copy/paste the tracking number for confirmation.
Click on a link, download an attachment or enter your password on alert emails from soware providers, such as Microsoft, Dell or Anti-Virus providers.
They will NOT notify you of an incident by email. (For ex: Outlook /Email warnings, Windows update warnings, Virus warnings, etc..)
Accept social media invitations from the email link (Facebook, LinkedIn,etc). Go directly to the site and accept the invitation.
Trust the displayed senders name, even if it is from a colleague. Be aware of clever schemes that include links, attachments, or if they ask for money or confidential information. Always VERIFY by phone, not by email.