Phishing Awareness | Security Awareness

1. What is Phishing?

Phishing is a type of cyber attack where attackers try to trick you into sharing sensitive information such as passwords, OTPs, or bank details.

These attacks usually come through emails, messages, or fake websites that look like they are from trusted organizations.

2. Common Types of Phishing

Email Phishing: Fake emails pretending to be from banks, HR, or IT teams.
SMS Phishing (Smishing): Messages asking you to click links or share OTPs.
Voice Phishing (Vishing): Phone calls pretending to be support teams.
Fake Websites: Websites that look real but steal your credentials.

3. Warning Signs of a Phishing Attempt

Urgent or threatening language
Unexpected attachments or links
Requests for passwords or OTPs
Spelling or grammar mistakes
Sender email address looks suspicious

4. What You Should Do

Do not click on suspicious links
Do not download unexpected attachments
Never share passwords or OTPs
Report suspicious emails to the IT/Security team

Phishing emails do not always show obvious links. Attackers often hide malicious links behind buttons, images, or simple text such as "Click here" or "View invoice".

Always remember: if something is clickable, it can be a link.

Hover your mouse over buttons, images, or text to check where they actually lead before clicking.

5. Remember

Attackers rely on fear and urgency. Always take a moment to verify before taking any action.

Phishing Prevention Checklist

Before clicking a link or opening an attachment, take a moment to go through the checklist below.

Pause and think before taking any action
Check the sender’s email address carefully
Hover over links to see where they actually lead
Do not open unexpected attachments
Never share passwords or OTPs over email or messages
When in doubt, verify with the sender through another method
Report suspicious emails to the Security or IT team

By following these simple steps, you help protect yourself and keep the organisation secure.