Familiarize yourself with phishing attacks HR &

Marketing Teams.
What is phishing?
● Phishing is a cybercrime where attackers try to trick you into revealing sensitive information like passwords, credit card details, or
personal data. They often pose as legitimate companies or organizations in emails, texts, or phone calls.
● Here's how to help HR and Marketing identify phishing attempts:
● Common Signs of Phishing Emails:
• Urgency and Pressure: Phishing emails often create a sense of urgency, threatening to close accounts, lock access, or demanding
immediate action.
• Generic Greetings: They might address you with generic terms like "Dear Customer" instead of your actual name.
• Suspicious Links: Don't trust links within the email itself. Hover over the link to see the actual URL; it might not match the displayed
text.
• Grammatical Errors and Typos: Legitimate companies typically have good email hygiene and avoid typos or grammatical errors.
• Sender Address Mismatch: The sender's email address might look similar to a legitimate company but have a misspelling or use a free
email service like Gmail instead of the official company domain.
• Unrealistic Attachments: Be wary of unexpected attachments, especially if you weren't expecting any files.
Learn to spot phishing emails

• Be Skeptical: Don't assume every email is legitimate. Double-check the sender's address
and hover over links before clicking.
• Verify Information: If the email claims to be from your company's IT department or
another internal source, contact them directly through a trusted channel (phone or in-person)
to confirm its legitimacy.
• Don't Enter Personal Information: Never enter passwords, credit card details, or any
sensitive information through links in emails.
• Report Phishing Attempts: Report suspicious emails to your IT department so they can
take action and educate others.
How do we stop getting phished?
• Educate Employees: Regularly train employees on phishing tactics and how to identify them.
• Implement Email Filtering: Use spam filters and email security software to catch phishing
attempts before they reach inboxes.
• Strong Password Policy: Enforce strong password policies with regular updates to minimize the
risk of compromised accounts.
• Multi-Factor Authentication: Implement multi-factor authentication (MFA) for added security
when accessing sensitive accounts.