Phishing is a cyber attack where criminals impersonate legitimate organizations to trick you into revealing sensitive information, clicking malicious links, or downloading malware. 91% of data breaches start with a phishing email.

• Urgency & Pressure: "Act now!" "Within 24 hours!"
• Suspicious Sender: Check email address for typos
• Generic Greetings: "Dear Customer" vs your name
• Spelling Errors: Professional orgs proofread
• Requests for Sensitive Info: No legit company asks for passwords via email
• Suspicious Links: Hover to see real URL
• Unexpected Attachments: Especially .exe, .zip files
• Too Good to Be True: "You've won $10,000!"
• Threatening Language: "Account will be closed!"
• Mismatched Domains: Email from @amaz0n-security.net

• Verify Before You Click: Go directly to websites by typing URL
• Use Multi-Factor Authentication: Extra protection layer
• Keep Software Updated: Security patches are critical
• Use Password Managers: Unique passwords for every account
• Report Suspicious Emails: Forward to IT security team
• Trust Your Instincts: If it feels off, it probably is

• Email Phishing: Mass emails to thousands
• Spear Phishing: Targeted attacks using personal info
• Whaling: Attacks against executives
• Smishing: Phishing via SMS text messages
• Vishing: Phone calls impersonating organizations
• BEC: Business Email Compromise attacks

• Don't Panic: Quick action minimizes damage
• Disconnect Internet: Prevent malware spread
• Don't Enter Credentials: Close browser immediately
• Change Passwords: On a different clean device
• Run Antivirus Scan: Check for malware
• Report to IT Security: Notify immediately
• Monitor Accounts: Watch for unusual activity
• Enable MFA: Add extra security layer

• FTC: ReportFraud.ftc.gov
• IRS Phishing: phishing@irs.gov
• Anti-Phishing Group: reportphishing@apwg.org
• Check Compromises: haveibeenpwned.com
• Your IT Team: First line of defense!