Phishing and Suspicious Emails

Modified on Wed, Nov 1, 2023 at 1:52 PM

TABLE OF CONTENTS


What is Phishing?

Phishing is a type of cyberattack that tries to trick you into revealing sensitive information, such as your passwords, credit card numbers, or social security number. Phishing attacks can come in the form of emails, text messages, phone calls, or even fake websites.


Phishing attacks are often very convincing, and they can be difficult to spot if you're not careful. The attackers may try to make you think that the email or text message is from a legitimate company, such as your bank or credit card company. They may also try to create a sense of urgency, so that you're more likely to click on a link or open an attachment without thinking.


Tips and Best Practices

  • Be suspicious of any email or text message that asks for personal information. Legitimate companies will never ask for your passwords or other sensitive information via email or text message.
  • Be suspicious of any email or text message from a co-worker that asks you to do something you don't normally do, or seems out of character for the sender.
  • Spelling and grammar mistakes are not commonly made due to spell-checking features.  An email with spelling errors or awkward grammer might be a sign the email or text message might be from an attacker.
  • ALWAYS be cautious of attachments, especially if you were not expecting them.  
  • If you're not sure whether an email or text message is legitimate, hover over the links to see the actual URL. If it's not from the company that the email or text message is claiming to be from, don't click on it.
  • Never open attachments from unknown senders.
  • If you're unsure whether a website is legitimate, type the URL into your web browser directly, instead of clicking on a link in an email or text message.

Phishing Tests and Reporting Email

The organization conducts regular testing of employees to sharpen your skills in identifying phishing attacks.  You are the first and best defense against the most common form of cyberattack.


If you receive an email that seems suspicious, you can report it.


"Fish Hook" Tool

In gmail on your computer, while viewing the suspicious email, click the "fish hook" tool on the right side of the screen.  If you want to report it, click the blue Phish Alert button.  If this email was part of KnowBe4's phishing test, it will tell you that this was a test and good job for spotting it.  


NOTE: If clicking the fish hook tool asks you for a registration or serial #, please email [email protected] to have the tool activated.


If the reported email was not part of a KnowBe4 test, the suspicious email will be reported for analysis. 



Google's "Report Phishing" Tool

Sometimes an email can't be reported using the fish hook tool.  These are usually not tests from KnowBe4, but could be spam or newsletter email.  You can use Google's "report phishing" tool to report the email to Google for analysis.


In gmail on your computer, while viewing the suspicious email, click on the three dots to the right of the date and time the email was received.  


Then, click Report Phishing.



Getting Help

If you clicked on links or opened attachments, please contact the helpdesk by sending an email to [email protected] (you can use a personal account if you are not able to access your work account).  


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article