Phishing & Email Security: Identifying Threats
Published:
Phishing is one of the most common security threats. This guide helps you recognize phishing attempts, verify suspicious messages, and respond safely.
What is Phishing?
Phishing is the use of fraudulent emails designed to steal login credentials, financial information, or personal data.
Red Flags
Suspicious Email Signs
- Urgency or threatening language
- Requests for passwords or sensitive info
- Suspicious sender address
- Generic greeting (“Dear User”)
- Poor grammar or spelling
- Unexpected attachments
- Suspicious links
- Requests for verification
Fake Links
- Hover to see the actual URL
- Mismatched domain name
- Shortened URLs that hide the destination
- Different subdomain than expected
- HTTP instead of HTTPS
Suspicious Attachments
- .exe, .zip, .scr files
- Unexpected file types
- Double extensions (.pdf.exe)
- Macro-enabled Office files
- Unusual file sizes
Verification Steps
Before Clicking
- Hover over links to see the URL
- Check the sender’s email address
- Look for spelling errors
- Verify the request is legitimate
- Never click if you are unsure
Contact Verification
- Don’t reply to the suspicious email
- Contact the organization directly
- Check the official website
- Use a known phone number
- Verify the request’s legitimacy
If You Click a Suspicious Link
Immediate Actions
- Don’t enter credentials
- Close the browser or tab
- Don’t open attachments
- Report to IT/security
- Run a malware scan
If Credentials Are Exposed
- Change your password immediately
- Enable MFA
- Monitor account activity
- Report to the security team
- Check your other accounts
Common Phishing Scams
Account Verification
- Fake login pages
- “Unusual activity” alerts
- Requests to verify account information
- Requests to confirm payment methods
CEO Fraud
- Requests appearing to come from executives
- Urgent fund transfers
- Wire transfer requests
- Unusual payment demands
Package Delivery
- Fake shipping updates
- “Delivery failed” notices
- Links to reschedule or update delivery
- Suspicious tracking links
Protection Measures
Email Filters
- Use a spam filter
- Enable threat protection
- Create email rules
- Block suspicious senders
Best Practices
- Verify the sender address
- Never trust urgency
- Avoid clicking links
- Use official websites
- Report suspicious emails
Reporting
- Mark the email as phishing
- Report to IT security
- Don’t forward it to others
- Keep the email as evidence
- Follow company policy
Contact
For security incidents, reach our team:
Email: Team@alcousa.org
Phone: +1(208) 391-7176
Hours: Monday-Friday, 8 AM - 6 PM EST