How to Spot Phishing Emails


    The #1 method for cyberattacks is phishing emails. The best defense is to train yourself to think critically about the emails you receive before clicking, providing information, or opening attachments. 

    Tips for Identifying Phishing Emails:

    • Verify the sender and their email address. Spoofing is a common tactic that uses look-alike email addresses to make you think the message is coming from someone you know. Verify that the email address is correct. Look at the actual email address and not just the name that is displayed. Do you see misspellings or additional words or characters? For example, (incorrect)  instead of (correct).

    • Beware of urgent calls to action. Scammers often try to scare you into providing personal information by creating a sense of urgency. These often include statements like, “Your account has been hacked,” “Your account is expiring,” “This requires your immediate attention.” 

    • Beware of hyperlinks. They may lead you to fraudulent sites and try to get you to enter your personal information. Hover over hyperlinks to verify their authenticity before you click.

    • Beware of attachments. A Word document or other file can contain malicious code and viruses designed to attack computers and networks. Only open attachments from trusted sources, and use caution when someone you don’t know sends you an attached file.

    • Be cautious of asks for personal information. If you think it is legitimate, instead of clicking on links or responding, go to the company’s website and contact them directly. Keep in mind a company or service will never ask for your “pin” or “password." Never provide that information.

    • Install and regularly update anti-virus software on all devices. This is an added level of protection in case we click on something we shouldn’t have. Technology Services updates anti-virus on all District computers and devices but not your personal devices.

    • Report suspicious emails and mark them as spam. For emails to your District account, use KnowBe4's Phish Alert Button (PAB) to report the email. Take the additional step to mark it as spam to avoid receiving similar emails in the future. 

    Check your skills:

    Tips from KnowBe4:

  • Poster describing how to not be a victim of phishing