Articles in this section

Phishing & Email Security: Identifying Threats

Published:

Phishing is one of the most common security threats. This guide helps you recognize phishing attempts, verify suspicious messages, and respond safely.

What is Phishing?

Phishing is the use of fraudulent emails designed to steal login credentials, financial information, or personal data.

Red Flags

Suspicious Email Signs

  • Urgency or threatening language
  • Requests for passwords or sensitive info
  • Suspicious sender address
  • Generic greeting (“Dear User”)
  • Poor grammar or spelling
  • Unexpected attachments
  • Suspicious links
  • Requests for verification

Fake Links

  • Hover to see the actual URL
  • Mismatched domain name
  • Shortened URLs that hide the destination
  • Different subdomain than expected
  • HTTP instead of HTTPS

Suspicious Attachments

  • .exe, .zip, .scr files
  • Unexpected file types
  • Double extensions (.pdf.exe)
  • Macro-enabled Office files
  • Unusual file sizes

Verification Steps

Before Clicking

  1. Hover over links to see the URL
  2. Check the sender’s email address
  3. Look for spelling errors
  4. Verify the request is legitimate
  5. Never click if you are unsure

Contact Verification

  1. Don’t reply to the suspicious email
  2. Contact the organization directly
  3. Check the official website
  4. Use a known phone number
  5. Verify the request’s legitimacy

If You Click a Suspicious Link

Immediate Actions

  1. Don’t enter credentials
  2. Close the browser or tab
  3. Don’t open attachments
  4. Report to IT/security
  5. Run a malware scan

If Credentials Are Exposed

  1. Change your password immediately
  2. Enable MFA
  3. Monitor account activity
  4. Report to the security team
  5. Check your other accounts

Common Phishing Scams

Account Verification

  • Fake login pages
  • “Unusual activity” alerts
  • Requests to verify account information
  • Requests to confirm payment methods

CEO Fraud

  • Requests appearing to come from executives
  • Urgent fund transfers
  • Wire transfer requests
  • Unusual payment demands

Package Delivery

  • Fake shipping updates
  • “Delivery failed” notices
  • Links to reschedule or update delivery
  • Suspicious tracking links

Protection Measures

Email Filters

  • Use a spam filter
  • Enable threat protection
  • Create email rules
  • Block suspicious senders

Best Practices

  1. Verify the sender address
  2. Never trust urgency
  3. Avoid clicking links
  4. Use official websites
  5. Report suspicious emails

Reporting

  1. Mark the email as phishing
  2. Report to IT security
  3. Don’t forward it to others
  4. Keep the email as evidence
  5. Follow company policy

Contact

For security incidents, reach our team:

Email: Team@alcousa.org

Phone: +1(208) 391-7176

Hours: Monday-Friday, 8 AM - 6 PM EST

Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Access denied
Access denied