What are phishing emails
Phishing is a technique that attackers use to trick an employee into handing over sensitive information they should not have, such as usernames, passwords, or other confidential details. Phishing emails are very common, and many people fall for them because they mimic a trustworthy sender.
Reporting a phishing email
All emails you receive that appear to be phishing should always be reported to IT for analysis. The easiest and simplest way to achieve this is to use a button in Microsoft Outlook called Phish Alert.
The button can be found on the Home tab. If you double-click on any email in Outlook, the new message window will also have the button on the Message tab.
Example Phishing Email
Let's start with an example phishing email and how it would appear.
From: IT <payroll@xgsi.com>
CAUTION: This email originated outside of our organization. DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe.
TIMECARD APPROVAL
Please review your timecard for the Current Pay Period.
All employees are required to review and approve their timecard to ensure appropriate payment. Per policy, employees are responsible for reporting all errors and/or omissions on each timecard on or before payroll week.
Please open your browser to the payroll portal to Review and Approve your Timecard.
TIMECARD IT HELP
There are a few things in this email that make it obvious that it is a phishing attack and should be reported. Let's go over them.
- An email from payroll@xgsi.com would not be sent under the display name IT
- IT would not instruct you to perform a task in a service that HR manages
- This email claims to be coming from the internal domain @xgsi.com. Despite this, the CAUTION banner stating that the email originated from outside of our organization was added to it. This should alert you that it is not a real internal email and that the sender address is being spoofed.
- Employees would not approve their own timecard. Managers and supervisors would do this.
- The email utilizes very generic wording and never refers to the payroll service XGS uses by name.
Any of these details alone would make this email highly suspicious and would be reason to report the email to IT for analysis.
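As an added illustration (not part of this page or of the Phish Alert product), the Python script below encodes the indicators above as automated checks that a mail-filtering team could run over a message. The two sample messages are constructed, and the placeholder payroll service name and keyword lists are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the timecard message above (not a real capture).
SAMPLE_EMAIL = """\
From: IT <payroll@xgsi.com>
To: employee@xgsi.com
Subject: TIMECARD APPROVAL
Content-Type: text/plain

CAUTION: This email originated outside of our organization. DO NOT CLICK links or attachments.

TIMECARD APPROVAL
Please review your timecard for the Current Pay Period.
Please open your browser to the payroll portal to Review and Approve your Timecard.
"""

# Constructed legitimate message, used to show the checks stay quiet.
LEGIT_EMAIL = """\
From: Payroll <payroll@xgsi.com>
To: employee@xgsi.com
Subject: Pay period closed
Content-Type: text/plain

This pay period is now closed in ExamplePayroll. No action is needed.
"""

INTERNAL_DOMAIN = "xgsi.com"                                  # from the page
EXTERNAL_BANNER = "originated outside of our organization"    # banner text from the page
PAYROLL_SERVICE_NAME = "ExamplePayroll"   # placeholder: the real service name is not on the page
GENERIC_PAYROLL_WORDS = ("timecard", "pay period", "payroll portal")  # assumed keyword list


def phishing_indicators(raw: str) -> list[str]:
    """Return the list of page-derived indicators that fire on one raw RFC 822 message."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    local_part, _, domain = address.lower().partition("@")
    body = b"" if msg.is_multipart() else msg.get_payload(decode=True)
    text = body.decode(errors="replace").lower()
    name = display_name.strip().lower()
    findings = []
    # 1. Display name names a department that does not match the mailbox (coarse check; tune for personal names).
    if name and name not in local_part:
        findings.append(f"display name '{display_name}' does not match mailbox '{local_part}'")
    # 2. Sender claims the internal domain, yet the external-origin banner was added: spoofed sender.
    if domain == INTERNAL_DOMAIN and EXTERNAL_BANNER in text:
        findings.append("claims internal domain but carries the external-origin banner")
    # 3. IT asking for a payroll task that HR owns.
    if name == "it" and any(w in text for w in GENERIC_PAYROLL_WORDS):
        findings.append("IT sender instructing a payroll (HR-managed) task")
    # 4. Generic payroll wording that never names the real payroll service.
    if any(w in text for w in GENERIC_PAYROLL_WORDS) and PAYROLL_SERVICE_NAME.lower() not in text:
        findings.append("generic payroll wording, real payroll service never named")
    return findings
```

Any non-empty result is a reason to flag the message for IT review rather than to act on it.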
How to use Phish Alert
Here is how to report a suspicious message with Phish Alert in 3 easy steps:
- Select the suspect email in your inbox (Do not try to select or click the suspicious file or link within the email)
- At the top left of Outlook select Home and then click Phish Alert in the row of buttons at the top of Outlook.
- Click Yes on the confirmation prompt that appears
Once that is done, you have successfully reported a phishing email to IT. Our system will review the email, determine the risk level, and notify us immediately if the email you reported is considered a threat to our network. If the email was part of our simulated phishing training, you will receive a message congratulating you for reporting it.