Phishing Awareness Guide
Overview
Phishing is a cyber-attack where malicious actors attempt to deceive users into sharing sensitive information, like passwords, credit card numbers, or personal data. These attacks often appear as emails, texts or fake websites that seem legitimate but aim to compromise your security. This guide provides key steps to help you recognize, avoid and respond to phishing attempts.
1. Recognizing Phishing Attempts
Phishing messages often display similar warning signs:
- Unusual Sender: Check the sender's email address closely. If it doesn't match the company's domain (for example, "@ariswater.com", "@microsoft.com", "@adobe.com"), it is more than likely a scam.
- Urgent Language: Phishing emails often use urgent language like "Act Fast", "Act Now" or "Immediate Action Required" to pressure you.
- Suspicious Links or Attachments: Hover over any links without clicking to reveal the URL. If the link address doesn't match the company's website or seems strange, DO NOT CLICK.
- Poor Grammar and Spelling: Many phishing messages contain grammatical errors, misspellings, or awkward phrasing.
- Requests for Sensitive Information: Legitimate organizations rarely ask for sensitive information via email. Be cautious of messages asking for usernames, passwords, or payment details.
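For mail administrators, the warning signs above can be turned into a simple automated check. The following is an added example, not part of the original guide: the names TRUSTED, PHRASES, LinkCollector, host, trusted and warning_signs are hypothetical, the trusted list is assumed to be the three domains the guide names, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"ariswater.com", "microsoft.com", "adobe.com"}  # domains the guide names
PHRASES = {"urgent language": r"\bact (fast|now)\b|immediate action required",
           "request for sensitive information": r"\b(usernames?|passwords?|payment details)\b"}
DOMAIN_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)
# Constructed sample message, not a real phishing email (.example is a reserved TLD).
SAMPLE = """From: Aris IT Support <support@ariswater-com.example>
Subject: Immediate Action Required: confirm your account

<p>Confirm your password: <a href="http://ariswater.com.example/verify">www.ariswater.com/account</a></p>
"""

class LinkCollector(HTMLParser):  # records [href, visible text] for every <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def trusted(h):  # exact domain or a true subdomain; "ariswater.com.example" fails
    return any(h == d or h.endswith("." + d) for d in TRUSTED)

def warning_signs(raw):
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []  # assumes a single-part message
    if not trusted(parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()):
        signs.append("unusual sender")
    text = msg.get("Subject", "") + " " + body
    signs += [name for name, rx in PHRASES.items() if re.search(rx, text, re.I)]
    collector = LinkCollector()
    collector.feed(body)
    if any(not trusted(host(h)) or (DOMAIN_LIKE.fullmatch(t.strip()) and host(t.strip()) != host(h))
           for h, t in collector.links if h):
        signs.append("suspicious link")
    return signs
```

Calling warning_signs(SAMPLE) reports all four signs. These are heuristics that support, rather than replace, the manual checks listed above.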
2. Avoid Phishing Traps
Follow these best practices to minimize the risk of falling for phishing attempts:
- Verify the Sender: If you receive a suspicious message, don't respond or click any links. Instead, verify by contacting the organization directly through official channels.
- Use Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring an additional verification step beyond just your password.
- Install Security Software: Enable anti-phishing filters and maintain up-to-date antivirus software to help detect phishing sites.
- Educate Yourself: Regularly participate in phishing awareness training and stay updated on common phishing tactics.
3. Steps to Take if You Suspect Phishing
- Do Not Interact with the Message: Avoid clicking any links, downloading attachments, or replying to the sender.
- Report the Email: Use our Aris Outlook "Report Phishing" option or report directly to itsupport@ariswater.com.
- Change Your Passwords: If you clicked a link or entered information, immediately change your passwords, starting with any accounts that may have been compromised.
- Monitor Your Accounts: Keep an eye on your email, bank, and other accounts for suspicious activity, and enable alerts for login attempts or changes.
4. Examples of Common Phishing Scenarios
- Fake Payment Notifications: An email that claims you made a purchase or received a refund. It often includes a link to "view your invoice", which leads to a fake login page.
- Suspicious Security Alerts: A warning email claiming that there's been unusual activity on your account. It may prompt you to verify your information on a fake website.
- Urgent Account Suspension Warnings: A message claiming that your account will be deactivated unless you confirm your details. This tactic is used to pressure you into acting without thinking.
Examples of Real Life Phishing attempts you may encounter: 10 common phishing email examples to avoid phishing scams