OH NO! You almost got phished!

Don't worry, you're safe.

This was just a simulation, not a real attack and we haven’t stored any of your personal information. It’s part of our ongoing effort to help you become more aware of cyber threats and protect yourself and your company. Let’s learn how to spot phishing attempts and keep your information secure.

What is phishing?

Phishing is a form of cybercrime where an attacker poses as a trustworthy source to trick you into revealing sensitive information, such as passwords or financial details. These attacks can come via email, text messages, social media, or even phone calls.

Here's how phishing typically works:

  • Mimicked Emails: Attackers create fake emails that look like they come from trusted sources like your bank, a colleague, or a popular service (e.g., Amazon, Microsoft).

  • The Bait: The email often urges you to take action—click a link, download a file, or verify your account information.

  • The Trap: Clicking these links may lead you to a malicious site or download malware that can compromise your device or steal your data.

Example: You receive an email from what appears to be your bank, asking you to "confirm your account details" by clicking a link. The link takes you to a fake website where your credentials are stolen.

Why do we run phishing email simulations?

Phishing simulations are a safe and effective way to train you to spot real phishing threats before they cause harm. They help you:

  • Identify Common Red Flags: Spot the differences between genuine emails and phishing attempts.

  • Practice Makes Perfect: The more you see these tactics, the better you become at identifying them.

  • Build Cyber Awareness: Protect yourself and our organisation from potential data breaches.

By participating in these simulations, you’re sharpening your ability to spot scams and helping us build a safer digital environment.

The impacts of phishing: why should you care?

Phishing is one of the most prevalent and costly types of cyberattack for businesses, with incidents commonly resulting in:

  • Data Theft: Personal and financial information can be stolen and sold on the dark web.

  • Identity Theft: Your identity could be used for fraudulent activities, damaging your reputation.

  • Financial Loss: Stolen information can lead to unauthorised transactions and financial harm.

Common phishing types to look out for

Unexpected Requests and Sense of Urgency

Be cautious of unexpected emails or admin requests you haven't initiated. Phishing emails often pressure you to take immediate action: “Your account will be suspended” or “Click here to claim your prize!” Be sceptical of any email urging you to click a link or download a file quickly, and take a moment to verify the sender before acting. Avoid unfamiliar file extensions (.exe, .zip) as they may contain malware. Phishing emails may also use shortened or disguised links, so always hover over links to verify their destination. Take a moment to verify suspicious emails before acting.

Suspicious Email Addresses and Domains

Incorrect email address, poor English, impersonal/generic greetings
Phishing emails may use incorrect email addresses or suspicious/public domains (e.g., @m1crosoft0ffice or @gmail.com). They may be written with poor grammar, spelling mistakes, or awkward phrasing. Additionally, phishing emails typically use impersonal greetings like "Dear Customer" instead of addressing you by name.

Whaling, impersonating managers, a sense of pressure

Be cautious of cyber attackers targeting C-suite executives or tech teams as high-value targets. Additionally, cyber criminals gain access by posing as senior members of a workplace, taking advantage of their position and pressuring employees to quickly share sensitive details, open suspicious files or download malicious attachments.

How to avoid phishing

Unfortunately, there is no perfect solution to prevent phishing. Though email blocking tools aim to detect and block fraudulent websites and emails, many slip through the net, so it’s best to take caution with unexpected emails, SMS messages and even calls.

Use multi-factor authentication (MFA)

MFA adds an extra layer of security when logging in to sensitive applications. MFA can require something like a code from a secondary device or your fingerprint.

Double check links

Double-check the email addresses and website links before clicking on any link.
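
For mail administrators, the same two checks (a sender domain that imitates a brand, and link text that shows one site while the link opens another) can be run automatically. This Python code is an added example, not part of the original page; the allow-list, the digit-swap table and the sample message on the `.example` domain are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com", "office.com"}  # assumed allow-list (constructed)
BRANDS = {d.split(".")[0] for d in TRUSTED}
SWAPS = str.maketrans("0135", "oies")      # small digit-for-letter table
URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (visible text, href) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at every <a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):  # hostname of a URL or bare domain, '' if there is none
    url = value.strip()
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def is_lookalike(host):  # untrusted host that spells a brand once digits are un-swapped
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED)
    return not trusted and any(b in host.translate(SWAPS) for b in BRANDS)

def review(sender, html):
    flags, collector = [], LinkCollector()
    sender_host = sender.rsplit("@", 1)[-1].strip("> ").lower()
    if is_lookalike(sender_host):
        flags.append(f"sender domain imitates a trusted brand: {sender_host}")
    collector.feed(html)
    for text, href in collector.links:
        target = host_of(href)
        if is_lookalike(target):
            flags.append(f"link host imitates a trusted brand: {target}")
        shown = host_of(text) if URLISH.match(text) else ""
        if shown and shown != target:  # the mismatch that hovering reveals
            flags.append(f"text shows {shown} but link opens {target}")
    return flags

SENDER = "IT Support <helpdesk@m1crosoft0ffice.example>"  # constructed sample
BODY = ('<a href="http://login.m1crosoft0ffice.example/verify">https://www.office.com/account</a>'
        ' <a href="https://www.office.com/help">help page</a>')
```

Calling `review(SENDER, BODY)` returns three flags: the lookalike sender, the lookalike link host, and the mismatch between the displayed address and the real destination.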

Educate yourself

Stay informed about common phishing tactics and security best practices.

Be skeptical

Verify the authenticity of unexpected communications by contacting the organisation directly through official channels.

Update software

Keep your antivirus, anti-malware, operating system, and applications up to date with the latest security patches.

Use secure web gateways and DNS filtering

Secure web gateways (SWG) and DNS filtering can be a powerful step in your anti-phishing strategy.

Use anti-phishing tools

Use anti-phishing tools and technologies to detect and block fraudulent websites and emails.

Use a firewall

Firewalls can act as a shield between your computer and an attacker.

Report suspicious contacts

Report all suspicious contacts to the Federal Trade Commission (.gov) or by calling 1-877-IDTHEFT.

What to do if you've fallen victim to phishing attacks:

  • Immediately change the passwords on all affected accounts

  • Create unique passwords for each account

  • Confirm that you have multi-factor authentication turned on for every account you can

  • Contact your financial institution immediately