Recognizing and Avoiding Phishing Emails

Email is vital for scientific collaboration, research sharing, and networking but is also a prime target for phishing attacks—deceptive emails that exploit trust and urgency. These attacks often mimic colleagues, service providers, or even friends.

A brief pause to verify the sender, hover over links, or question unusual requests can safeguard your data and our organization's security.

1. Inspect the Sender's Email Address:Verify the sender's email address. Phishing emails often use similar-sounding or misspelled addresses to imitate legitimate sources.
   
   
2. Check for Personalization:Legitimate emails from reputable sources usually address you by your full name. Be cautious if the email uses generic greetings like "Dear Customer" or "Dear User."
   
   
3. Hover Over Links Before Clicking:Hover your mouse over any links in the email to preview the actual URL. Ensure it matches the expected website and doesn't redirect you to a suspicious domain.
   
   
4. Examine the Email Content:Look for grammatical errors, awkward language, or unusual formatting. Legitimate organizations usually maintain a professional tone and quality in their communications.
   
   
5. Beware of Urgency or Threats:Phishing emails often create a sense of urgency or threaten dire consequences to prompt immediate action. Be skeptical of emails pressuring you to click on links or provide personal information urgently.
   
   
6. Avoid Clicking on Unexpected Attachments:Do not open attachments from unknown or unexpected sources. Malicious software can be delivered through infected attachments.
   
   
7. Verify Requests for Personal Information:Legitimate organizations typically do not request sensitive information, such as passwords or credit card details, via email. Be cautious if an email asks for such information.
   
   
8. Use Two-Factor Authentication (2FA):Enable 2FA whenever possible. Even if your login credentials are compromised, having an additional layer of authentication adds extra security.
   
   
9. Keep Software and Security Measures Updated:Regularly update your operating system, antivirus software, and other security tools to ensure you have the latest protection against potential threats.
   
   
10. Educate Yourself and Stay Informed:Stay informed about common phishing tactics. Regularly educate yourself and your team on the latest phishing techniques and how to recognize them.
    
    
11. Use Email Security Features:Enable built-in email security features provided by your email service provider. These features can often identify and filter out potential phishing emails.

Remember, staying vigilant and skeptical while interacting with emails can significantly reduce the risk of falling victim to phishing attacks. If in doubt, contact the sender through a separate, trusted communication channel to verify the legitimacy of the email. 

You can report any phishing emails through Mimecast. Read here for those features.