...
Info | ||
---|---|---|
| ||
Phishing attacks are common and routine - it's OK to err on the side of caution, and question the legitimacy of any email sent to you. If in doubt, call the person who sent you the email or SMS to validate it's authenticity, or contact the IT Service Desk. |
Some methods to recognise phishing emails
- Suspicious links or unexpected attachments - the links that appear in an email body may go to somewhere unexpected, always rest/hover your mouse over any links which will reveal the real web address and don't click any suspicious links.
- Unexpected or suspicious attachments - Word documents are regularly used to spread malware and viruses, if you receive an unexpected or suspicious attachment - do not open it.
- Urgent call to action or threats - be suspicious of any email that claims that you must click, call, or open an attachment with urgency. A common attack method is to claim something is time sensitive creating a false sense of urgency. Whenever you see a message calling for immediate action, pause, and look carefully at the message - are you sure it's real? Slow down and be safe.
- First time or infrequent sender - whilst it's not unusual to receive an email from someone new for the first time, especially if they are outside your organisation. New senders can be a sign of phishing campaign, so take a moment and examine the email carefully for suspicious links, what the sender address is.
- Mismatched email domains - if the email claims to be from a reputable company, like Microsoft or your NAB bank, but the email is being sent from another email domain like gmail.com, or microsoftsupportteam.com or thenabbank.com - it's a scam. Also be watchful for very subtle misspelling of a legitimate domain name, like micr0soft.com ("0" instead of "o") or naab.com.au (NAB business name doesn't have double "aa").
...