You have fallen for a simulated phishing email attack coordinated by the Signature IT department and the Department of Homeland Security. Had this been an actual attack you may have triggered a virus or Ransomware attack on Signature or possibly your personal information.
This is a training exercise and we are not tracking individual results. We look at the summary data to gauge the overall status of Signature.
Phishing attacks use email or malicious websites to gain personal or company information by posing as a legitimate organization or person. Often these will appear to come from credit card companies or a healthcare organization you regularly work with. In some cases they will even appear to be from coworkers or management.
Things to watch for:
- Verify the From email address is actually who it claims to be. If you don’t see the actual address, you can hover the mouse over the address, or sometimes there is a “Detail” link or some other way to view the actual sender’s address.
- If there are links in the email, hover the mouse over the links to display the web address for the link. If you don’t recognize the address, don’t click on it.
- Check for misspelling and bad grammar. Often these attempts are from other countries and a bad translation can give it away. Likewise, the logos and graphics may be a poor imitation of the actual company’s logo.
- Ask yourself if you would expect this email from the sender. Is this email unusual or unexpected? If so, contact the person through other means to verify the email is legitimate.
- Often phishing emails will have a sense of urgency. It needs to be resolved today or even within the hour. This is to trick you into following the instructions before you get to thinking about it. And also because they can’t stay in one place for too long.
Any time you get an email that seems unusual please stop and verify it by contacting the sender through other means. Or contact your IT support to have them verify its authenticity.