Skip to main content

Phishing email guidelines

Alex
Phishing emails are sent to get the recipient to disclose personal information about you or your company which could then be used to commit fraud. Olafe has multiple phishing protections in place to prevent a phishing attack on your business, but since phishing is a multi-million dollar "industry", thieves use innovate ways to bypass security software.

How to identify a phishing email?
  • The email states some type of urgency for you to do something. Some of the common emails have the following topics:
    • Reset a password.
    • Provide additional information about an account or the account will be terminated.
    • Collect money from a prize, a lottery or an inheritance.
    • Buy pharmaceuticals at a low cost or without a prescription.
  • The email came from an unknown source.
    • Take a look at the domain it came from. If the senders email is from an AOL/Hotmail/Yahoo account but the email content is about a bank or a social website, it is fake.
    • Take a look at the person's email address. does it seem like something a company would use?
    • Hover your mouse over links in the email that prompt you to do something. If it goes to a different website name, do not click the link.
  • Asking you to do something in order to receive something else.
    • Typically you are asked to fill out a form with information which should not be required based on the topic of the email.
    • You are asked to send money in order to receive a larger sum of money.
  • The email has an attachment which would not be sent by large institution that needs to get in touch with you.
    • If the attachment is a zip file, do NOT open the attachment - it will most likely have a virus.
    • If the attachment is Word,PDF, or Excel document, which may have a word "form" in it for you fill out, do not open it - it will most likely have an embedded script inside of it to steal your personal or company information.
    • The links in the email seem to go to a different location.
  • The contact information has an address in different country, for a Post Office Box, or from an area which does not seem right.
    • Such addresses are hard to validate.
    • You can optionally check that address with Google Maps to validate it.
What to do with a phishing email?
  • If an email matches the above, and you are certain that it is a phishing email, just delete it.
  • If a number of phishing emails persists or increases, you can notify our system about the phishing email.
  • The email and the links look legitimate, and you would like to use precaution
    • Links
      • Do not click on the link.
      • Type the name of the institution with which you normally do business directly into  the URL field of the browser.
      • Use the web site's internal messaging to communicate. Do not send emails. Emails are typically insecure and can be intercepted and read by anyone.
    • Telephones
      • Do not call the telephone number in the email.
      • Call the phone number which you normally call to transact business with your institution.
If you are uncertain about opening an attachment or clicking a link, please feel free to contact support.

Comments

0 comments

Article is closed for comments.