Phishing Awareness: Spot, Avoid, Protect

Phishing Awareness: Spot, Avoid, Protect

PMIT

What is Phishing?

Phishing is a cyberattack where scammers impersonate trusted entities via emails or websites to trick individuals into revealing sensitive information like passwords, credit card details, or personal data. The goal is to steal valuable information or gain unauthorized access to systems.

PMIT

PMIT

What Are The different types of Phishing ?

EMAIL Phishing This common phishing method uses deceptive emails posing as trusted sources, like banks or social platforms. Clicking links or attachments leads to fake sites designed to steal your information. Spear Phishing Spear phishing is a targeted attack using personalized content based on social media research. Attackers trick victims into logging into fake sites or opening links that install malware, allowing remote control of the infected device. Clone Phishing This attack mimics a legitimate email you've received, replacing links or attachments with malicious ones. Since it appears from a trusted source, it's highly convincing.

PMIT

What Are The different types of Phishing ?

Smishing (SMS Phishing) Smishing is phishing via SMS, tricking victims into revealing personal data. Preventive Measures Leadership will never request sensitive info via text. Report any such messages to IT and your supervisor immediately. Vishing (Voice Phishing) Vishing is a phone-based scam where attackers pose as trusted entities, like banks or government agencies, to steal sensitive information like Social Security numbers or credit card details. Search Engine Phishing Attackers manipulate search engine results to make malicious websites appear at the top of search listings for popular queries. Users may unknowingly click on these links, leading them to phishing sites.

PMIT

Phishing Email Red Flags: How to Spot and Avoid Scams

Check the Senderʼs Email Address Verify the sender's email for misspellings or suspicious domains—legitimate organizations use official addresses.

Examine URLs Carefully Hover over email links to preview the URL—ensure it matches the expected domain and avoid shortened links.

Look for Grammatical and Spelling Errors Phishing emails often have typos, grammar errors, or awkward language—watch for these red flags.

PMIT

Phishing Email Red Flags: How to Spot and Avoid Scams

Verify Requests for Personal Information Verify requests by calling the organization or visiting their official website—never use links or numbers from the email.

Avoid Suspicious Attachments & Pop-Ups Don't open unexpected attachments or enter sensitive info in email pop-ups—both may contain malware or be phishing attempts.

Beware of Urgent or Threatening Language Phishers create urgency or threats to pressure you into quick action. Beware of emails claiming account suspension or legal action.

PMIT

Examples of Actual Phishing Attacks Sent to PM Staff

From: Dwayne Jones [phishing@gmail.com] Sent: Monday, April 24, 2023 12:58 PM Subject: Preventive Measures CAUTION: This email originated from outside your organization. Exercise caution when opening attachments or clicking links, especially from unknown senders. Hello, I want you to help me with something urgent, are you there?

1. If the sender's name doesnʼt match the email address, double-check for inconsistencies. Scammers often use similar-looking domains to impersonate trusted sources. Preventive Measures staff always use “@preventivemeasuresinc.com” emails—verify before responding.

2. We have added a visual clue to ALL external emails. A highly visible banner at the top that alerts our employees when an email is NOT from a member of Preventive Measures

3. Hackers like to use shock value in their attempts to grab the recipientʼs attention and create a sense of urgency.

PMIT

Examples of Actual Phishing Attacks Sent to PM Staff

From: Erin Harris humphiresshara@gmail.com Date: Thursday, August 31, 2023, at 8:16 AM To: @preventivemeasuresinc.com Subject: Immediate Action Required CAUTION: This email originated from outside your organization. Exercise caution when opening attachments or clicking links, especially from unknown senders. Hello, I'm tied up in back-to-back meetings all day and have an urgent matter that needs your immediate attention. Kindly re-confirm your cell number, so I can text you the details. Time is of the essence, and I trust you to handle this promptly. Best Regards, Erin Harris Sent from my Mail.

This example shows an attempt to impersonate corporate staff using a public email like Gmail, triggering an external caution banner. Despite correct grammar, the urgency and request for personal contact info are red flags—if they have your email, why ask for your phone number?

PMIT

FOOTER

Friendly Reminders

Ask Yourself: Was I expecting this message? Does this email make sense? Am I being pushed to act quickly? Examine the email and look for: Sense of urgency, Unsolicited request of personal information, Generic greeting/ signature, Unfamiliar links, or attachments Contact the sender of the message through a trusted channel: If an email looks legitimate but feels suspicious, verify by calling the sender using a trusted number or sending a new email to their official address from your contacts. **Do not reply directly** to the suspicious message.

PMIT

Report Suspected Phishing Email

How to report an email:

1. Open Outlook and select the email you want to report
2. Go to Home
3. Click the Report button in the top ribbon
4. Select Report phishing from the drop-down menu

PMIT

Report Suspected Phishing Email

How to report an email:

1. Open Outlook and select the email you want to report
2. Go to Home
3. Click the Report button in the top ribbon
4. Select Report phishing from the drop-down menu

PMIT

PMIT