Phishing is a fraudulent attempt to obtain confidential information, such as passwords or user account details, by faking an identity and disguising the attempt as legitimate.


Here is an example of a phishing email:

At this point, nothing looks really suspicious yet. That’s why everyone should always be attentive and vigilant with every email received.


When opening the email, here is what we see:


Here are a few things to look at carefully:

  1. Sender email
    This is the first thing to check: the name displayed (here OFFICE) means nothing and can be easily changed.
    In the above case, the email address zz01[at]zbcf[dot]ca is clearly not a trustworthy one.
    However, some cases might be trickier to detect, for example using @archetype-gr0up.com instead of @archetype-group.com (the letter o is replaced by the number 0). Also watch out for special/accented characters.

  2. Links destination
    If the email contains links, be even more suspicious.
    Place your cursor over the link and check its destination (often shown in the bottom left of the window, but this depends on the browser).
    In the above case, the destination is the pop25.3utilities.com website, clearly not related to Microsoft.

  3. Content
    Always read the content of the email carefully, several times, to detect inconsistencies.
    In the above case, it’s mentioned that access to the inbox has been blocked, but you can still read this email…

  4. Login
    If you reach a login page, ensure that it is the official Microsoft one from the address bar:
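The sender and link checks from items 1 and 2 can also be automated. The following Python sketch is an added example, not part of the original article; the allowlist of trusted domains (including the Microsoft sign-in domains) and the function names are assumptions, and the digit-swap table is deliberately partial.

```python
import unicodedata
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: illustrative allowlist; replace with your organisation's real domains.
TRUSTED = {"archetype-group.com", "microsoft.com", "microsoftonline.com"}
# Partial table of digits often substituted for similar-looking letters.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Lowercase, strip accents and undo digit swaps so look-alikes compare equal."""
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    return no_accents.translate(SWAPS)

def classify(domain):
    """Return 'trusted', 'lookalike' (imitates a trusted domain) or 'unknown'."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    sk = skeleton(domain)
    if any(sk == skeleton(t) or sk.endswith("." + skeleton(t)) for t in TRUSTED):
        return "lookalike"
    return "unknown"

def review(from_header, link_urls):
    """Apply checks 1 (sender) and 2 (link destination); return a list of findings."""
    findings = []
    # Accept the defanged notation used in the article ([at], [dot]).
    refanged = from_header.replace("[at]", "@").replace("[dot]", ".")
    display, address = parseaddr(refanged)
    sender = classify(address.rpartition("@")[2])
    if sender != "trusted":
        findings.append(f"sender {address} ({sender}); display name {display!r} proves nothing")
    for url in link_urls:
        host = urlsplit(url).hostname or ""
        verdict = classify(host)
        if verdict != "trusted":
            findings.append(f"link points to {host} ({verdict})")
    return findings

if __name__ == "__main__":
    # Constructed sample built from the values quoted in the article.
    for line in review("OFFICE <zz01[at]zbcf[dot]ca>", ["https://pop25.3utilities.com/"]):
        print(line)
```

A "lookalike" verdict is the stronger signal: the domain was built to imitate a trusted one, whereas "unknown" only means it is not on the allowlist.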



If anything looks suspicious, please get in touch with IT.


Please also help to filter these threats out of everyone’s mailboxes by flagging those emails as Junk/Phishing.

This will help to improve automatic filtering by our mail server for later cases.

 

Thanks for your attention and keep in mind that digital security is everyone’s responsibility.