When you receive an email with links or attachments, before you click, first ask yourself three questions when deciding to click an email link or attachment:
1. Was I expecting an email from this person or organization?
ACTION: Carefully review the sender’s FROM: and REPLY TO: email addresses
2. Was I expecting a link or attachment in this email?
ACTION: Copy the link URL and paste it into a new browser window to verify where the link will take you. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.
3. If so, is the link or attachment what I was expecting to receive?
ACTION: If email seems suspicious and you’re unsure, reach out to the sender. Call them by phone or send a new email to them for verification (do not reply to the original email in question).
Other Tips for Avoiding Being a Phishing Victim
Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
Before sending or entering sensitive information online, check the security of the website at https://www.virustotal.com/gui/home/url
What to Do if You Are a Victim
Report the incident to the Information Security team at firstname.lastname@example.org.
If you believe your financial accounts may be compromised, watch for any unauthorized charges to your account and contact your financial institution.