Recognize and Report Phishing - Week 3

Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. It’s important every individual stop and think before clicking on a link or opening an attachment and know how to spot red flags. Cybersecurity Awareness Month 2023 guidance provides the tools needed to recognize and report phishing it to their organization or email provider.


Phishing occurs when criminals try to get you to open harmful links or attachments that could steal personal information or infect devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get you to respond. The good news is you can avoid the phish hook and keep accounts secure!


1. Recognize - Look for these common signs:
  • Urgent or alarming language
  • Requests to send personal and financial information
  • Poor writing, misspellings, or unusual language
  • Incorrect email addresses, domain names, or links (e.g.
2. Report - If you suspect phishing, report the phish to protect yourself and others.
  • Know your organization’s guidance for reporting phishing. If your organization offers it, you may find options to report via the “report spam” button in your email toolbar or settings.
  • For personal email accounts, you may be able to report spam or phishing to your email provider by right-clicking on the message.
3. Delete - Delete the message. Don’t reply or click on any attachment or link, including any“unsubscribe” link. Just delete.


  • 72% of respondents reported that they checked to see whether messages were legitimate (i.e.phishing or a scam) compared to 15% who reported not doing so. (NCA)
  • 47% of the participants said they used the reporting capability on a platform (e.g. Gmail, Outlook)“very often” or “always”. (NCA)