Oooooooops! You took the bait.

Yep, it’s true. You’ve been phished — and if this were a real attack, your information would now be in the hands of a cybercriminal. However, that’s not the case this time. 

But let’s take a moment and figure out what you missed in the phishing email so that next time (when it is a real social engineer) you don’t take the bait.

Let’s take a closer look at the email you clicked on.


Who is it addressed to?

Was it addressed to you or to someone else? Was the greeting generic? 

Are the addresses consistent?

Do the email signature, company name, and URL all match? 

What’s hiding below that link?

Does the link go to a page that would be expected from other info in the email? 

How much detail is there?

Phishing emails don’t have to be long and detailed. Sometimes short emails hide a lot. 

If you see something, say something

Reporting a potential phish helps the whole organization stay secure. But there are steps we can take before reporting every unexpected (or undesired) email. Take the time to go through these 7 questions before clicking links, downloading or opening files, and responding to emails. A moment of pause can save hours (and days) of headaches and other losses.

Quick Phishing Review

  1. Is it urgent, unexpected, asking for sensitive information, or unusual? 
  2. Do you know this person, and does the email match their usual tone?
  3. Do the URL and email match their email signature and company name?
  4. Have you checked the link or button? Does the URL match what it says it should?
  5. Are there grammar or spelling errors, including things like rn for m or 0 for O?
  6. Is the email too short to give any information? 
  7. Did they use your name or is it generic?
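
For mail administrators, questions 3 to 5 can also be checked automatically. The sketch below is an added example, not part of the original page: it compares each link's visible text with the host it really points to and flags hosts that imitate a trusted domain using the "rn for m" and "0 for O" swaps. The domain names, sample HTML, and function names are all made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample email body; every domain here is made up for illustration.
SAMPLE_HTML = """
<p>Sign in at <a href="https://rnycompany.example/login">https://mycompany.example/login</a></p>
<p><a href="https://mycompany.example/help">Help center</a></p>
<p><a href="https://myc0mpany.example/pay">Pay now</a></p>
<p><a href="https://tracking.invalid/r?id=1">mycompany.example/reset</a></p>
"""
# Link text that itself looks like a URL or host name (captures the host part).
URL_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]|$)")

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def fold(host):
    # Undo the two swaps named in the checklist: "rn" for "m" and "0" for "o".
    return host.lower().replace("rn", "m").replace("0", "o")

def is_lookalike(host, trusted):
    real = host == trusted or host.endswith("." + trusted)
    return not real and fold(host) == fold(trusted)

def review_links(html, trusted):
    """Return (real host, reason) for each link a reader should distrust."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = URL_IN_TEXT.match(text.lower())
        if shown and shown.group(1) != host:
            findings.append((host, "text shows " + shown.group(1)))
        if is_lookalike(host, trusted):
            findings.append((host, "lookalike of " + trusted))
    return findings
```

Calling `review_links(SAMPLE_HTML, "mycompany.example")` returns four findings for the sample and none for the genuine Help center link.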