Everyone with an email address receives phishing emails, at home as well as at work. Here is a list of do's and don'ts culled from "Navigating the Phishy Social Engineering Ocean" by Cheryl Conley at https://medium.com/sans-security-awareness/navigating-the-phishy-social-engineering-ocean-5882e8965fa2:
Do:
- Check the From address, be wary of fake or unknown domain names, and be sure the domain name properly corresponds with the sender’s display name.
- “Mouse over” links (hover over links with your mouse cursor) to see the real destination.
- Use a unique password for each online account, and immediately change it if you suspect a breach. For added protection, consider (1) using a passphrase and (2) implementing two-step
Don't:
- Click links or attachments unless you’re sure the message is from a trusted source.
- Give out personal or private information to an unknown.
- Succumb to emails just because the branding looks real or the sender appears to be someone you know.
- Click or call listed phone numbers that are included in pop-up ads or threatening emails.
- Reply to phishing
Other red flags:
- Mismatched URLs — hover your mouse over the link and compare the destination URL with the displayed URL.
- Poor grammar and spelling could be an indicator.
- A request for
- Asking for money, especially with urgency.
- An offer that appears too good to be true.
- Unrealistic or
- Content just doesn’t look right — trust your gut.