Teams with red arrow need to familiarize yourself with phishing attacks. What is phishing? • • • Phishing is the act of pretending to be someone/something to get information, in most cases, this is usually a password. Attackers may send links or attachments designed to infect the recipient's system with malicious software or lure them into providing financial information, system credentials or other sensitive data. Successful phishing attempts can cost companies like Mastercard millions of dollars and put our employees at risk. So it’s very important that we keep the business and our staff safe from harm. Learn to spot phishing emails Suspicious looking source email address. There is a typo in the email address. You can also see that it is coming from gmail, not a Mastercard email. The subject line says URGENT! 12 Step on how do we stop getting phished 1. Be Skeptical of Unsolicited Communications: Whether it's an email, text message, or phone call, be cautious when you're contacted unexpectedly, especially if it's asking for personal information or urgent action. 2. Verify the Sender's Identity: Check the sender's email address or phone number. Phishers often use email addresses that mimic legitimate ones but may have small variations or misspellings. 3. Think Before Clicking: Hover over links before clicking them to see the actual URL. If it looks suspicious or doesn’t match the supposed sender, avoid clicking. 4. Watch out for Urgent or Threatening Language: Phishing emails often create a sense of urgency or fear to prompt immediate action. Be wary of messages that threaten dire consequences if you don't act quickly. 5. Avoid Sharing Personal Information: Legitimate organizations won’t ask for sensitive information like passwords, credit card numbers, or social security numbers via email or text. 6. Use Multi-Factor Authentication (MFA): Enable MFA wherever possible. This adds an extra layer of security even if your password gets compromised. 7. Update Security Software Regularly: Keep your antivirus, antimalware, and firewall software up-to-date to help protect against known phishing threats. 8. Educate Yourself and Others: Stay informed about the latest phishing tactics and share this information with friends, family, and colleagues to raise awareness. 9. Use Strong Passwords: Create unique, complex passwords for different accounts and consider using a password manager to keep track of them securely. 10. Report Suspected Phishing Attempts: If you suspect an email or communication is a phishing attempt, report it to the appropriate authorities or the organization being impersonated 11. Look for Spelling and Grammar Mistakes: Many phishing attempts contain spelling or grammar errors. Legitimate communications from reputable organizations typically undergo professional proofreading. 12. Verify Requests for Financial Transactions: If you receive an unexpected request for a financial transaction or change in payment details, verify it directly with the organization through a trusted contact method. 1. 2. 3. 4. 5. 6. 7. Think Before Clicking: Hover over links before clicking them to see the actual URL. If it looks suspicious or doesn’t match the supposed sender, avoid clicking. Watch out for Urgent or Threatening Language: Phishing emails often create a sense of urgency or fear to prompt immediate action. Be wary of messages that threaten dire consequences if you don't act quickly. Avoid Sharing Personal Information: Legitimate organizations won’t ask for sensitive information like passwords, credit card numbers, or social security numbers via email or text. Use Multi-Factor Authentication (MFA): Enable MFA wherever possible. This adds an extra layer of security even if your password gets compromised. Update Security Software Regularly: Keep your antivirus, anti-malware, and firewall software up-to-date to help protect against known phishing threats. Educate Yourself and Others: Stay informed about the latest phishing tactics and share this information with friends, family, and colleagues to raise awareness. Use Strong Passwords: Create unique, complex passwords for different accounts and