Think Before You Click - Week 1

Recognize and Report Phishing

If a link looks a little off, think before you click.  It could be an attempt to get sensitive information or install malware.


    • Malware. A computer can be damaged or the information it contains harmed by malicious code (also known as malware).  A malicious program can be a virus, a worm, or a Trojan horse.  Hackers, intruders, and attackers are in it to make money off these software flaws.
    • Identity Theft and Scams. Identity theft and scams are crimes of opportunity, and even those who never use computers can be victims.  There are several ways criminals can access your information, including stealing your wallet, overhearing a phone call, looking through your trash, or picking up a receipt that contains your account number.  
    • Phishing. Phishing attacks use emails, texts, and malicious websites that appear to be trusted organizations, such as charity organizations or online stores, to obtain user personal information.


Phishing attacks collect your personal and financial information using email, text, or malicious websites to infect your digital devices with malware.  Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers or mobile phone and makes the user vulnerable to an attack.  Think twice because cybersecurity is the collective responsibility of everyone.  Phishing emails or texts may appear to come from a trusted financial institution, e-commerce site, a government agency, or any other service, business, or individual.  The email or text may ask for account numbers, passwords, or Social Security Numbers.  When users respond or click on a link, attackers take the data to access users’ accounts.


Phishing is one of the most common forms of cyber scams that you are likely to experience.  The key is that both emails and texts should come from a trusted source.  Know what to look for—here are examples of phishing that might be seen in an email to lure you in:

    • Play hard to get with strangers. Links in emails, texts and online posts are often the way cybercriminals compromise your devices.  If you are unsure who the message is from—even if the details appear accurate—do not respond, and do not click on any links or attachments—just delete it.  Be cautious of generic greetings, as these are often phishing attempts. If you question the message,
      call the company directly.
    • Think before you act.  Be wary of messages that implore you to act immediately, causing you to fear your account is in jeopardy.  If you receive a suspicious message that appears to be from someone you know, reach out to that person directly on a secure platform.  If a message is from an organization, but still looks “phishy,” reach out to the organization to verify the message.
    • Check hyperlinks.  Avoid clicking on hyperlinks in messages, and hover over links to verify authenticity.  Ensure that webpage URLs begin with “https.”  The “s” indicates encryption is enabled to protect users’ information.
    • Once you post on the internet it is there forever. Keep personal information to yourself.  If people have key details from your life like your job title, full name, birthdate and more, they can attempt a direct “spear-phishing” attack on you.  Criminals can also use social engineering with these details to try to manipulate you into skipping setting up normal security protocols.  In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems.
    • Be alert for suspicious emails.  If you receive an e-mail from a known vendor that seems suspicious, encouraging you to click on a link to your account, do not click on the link or call the number in the email.  Instead, login directly to your account to verify if there are any issues with your account or call the company using the number listed on their website.