A phishing email is a fraudulent attempt to obtain sensitive information, such as login credentials or financial details, by pretending to be a trustworthy entity, such as your bank, a colleague, or a familiar company.
Keep in mind: Helpful tips are included in the IT Orientation folder located on your laptop's desktop. Feel free to take a look!
Common signs of a phishing email:
- Unknown Sender: Emails from unfamiliar senders or entities that don’t match the usual contacts you deal with.
- Mismatched Sender Address: The email address may look official but has subtle typos (e.g., admin@paypall.com instead of admin@paypal.com).
- Urgent or Threatening Language: Claims like “Your account will be locked” or “Action required immediately.”
- Suspicious Links: Hover over links to check if the URL matches the stated destination. A phishing link often looks unusual or unrelated.
- Unexpected Attachments: Files with extensions like .exe, .zip, or .docm can contain malware.
- Requests for Personal Information: Legitimate companies will not ask for sensitive information via email.
What should I do if I receive a phishing email?
- Do Not Click on Links or Download Attachments.
- Report It: Use the Phish Alert button in Outlook, located in the ribbon.
  - When you click the Phish Alert button, the email is forwarded to helpdesk@acord.org and deleted from your inbox.
  - If the Phish Alert button is not visible, please refer to these self-help instructions: Missing-Microsoft-Teams-or-Phish-Alert-Add-in
What if I clicked on a phishing link?
- Disconnect from the internet immediately.
- Report the incident to the helpdesk team right away.
- If credentials were entered, change your password and authenticate through Multifactor Authenticator if available.
- Inform your IT team if you believe your account or system has been compromised.
Detailed Guidance and Best Practices
How to Spot a Phishing Email:
- Verify the Sender: Always double-check the sender’s email address. Fraudsters often create emails that look official at first glance.
- Examine the Content: Watch for grammatical errors, awkward phrasing, or unprofessional formatting.
- Hover Over Links: Before clicking on any link, hover over it to view the actual URL. Avoid clicking if the link looks suspicious or doesn’t match the sender’s organization.
- Be Wary of Unsolicited Emails: If you didn’t expect an email from a sender, approach it with caution.
Red Flags in Emails:
- Requests for passwords, credit card numbers, or other sensitive information.
- Claims that you’ve won a prize or lottery.
- Requests for urgent actions to avoid consequences.
Preventative Measures for Employees:
- Enable Multi-Factor Authentication (MFA): This adds an extra layer of protection even if credentials are compromised.
- Use Strong Passwords: Avoid using the same password for multiple accounts.
- Stay Informed: Attend company security training and read internal IT security updates.
- Trust Your Instincts: If something feels off, verify directly with the supposed sender using official contact details.
If unsure of an email's legitimacy, submit a ticket to the ACORD Helpdesk at acordhelpdesk.zendesk.com/hc/en-us/requests/new or email helpdesk@acord.org.