Phishing is the Most Successful and Potent Attack Vector
Learn to spot a phishing message
Email address. Are you sure this email is actually from Microsoft? Look again! Phishing emails can fake the display name of the sender but they cannot fake the actual email address.
Be watchful for very subtle misspellings of the legitimate domain name, such as micros0ft.com, where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and an "n". These are common tricks of scammers.
Urgent call to action or threats. Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often they'll claim you have to act now to receive a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so you won't think about it too much, or consult with a trusted advisor who may warn you away. An example would be: “Your account will be Blocked!” or, “Your account expires Today!”
Spelling and bad grammar. Professional companies or organizations usually have an editorial staff to ensure customers get high-quality, professional content. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate in an attempt to evade filters that try to block these attacks.
Suspicious links or unexpected attachments. Cybercriminals can also tempt you to visit fake websites with links sent to your email, which may prompt you to enter your personal passwords.
Be wary of social engineering. Scammers scrape personal information from the Internet and use it to impersonate friends or authority figures.
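The sender-address checks described above (display name versus actual address, and look-alike domains such as micros0ft.com and rnicrosoft.com) can be automated in a mail filter or triage script. The following is an added example, not part of the original page; the TRUSTED table, the substitution list and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: brand names this mailbox expects, with their legitimate domains.
TRUSTED = {"microsoft": {"microsoft.com"}}

# Look-alike substitutions of the kind described above (0 for o, rn for m).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]

def skeleton(text):
    """Collapse look-alike sequences: micros0ft and rnicrosoft -> microsoft."""
    text = text.lower()
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text

def registered_domain(address):
    """Last two labels of the address domain (naive: ignores co.uk-style suffixes)."""
    domain = address.rsplit("@", 1)[-1].lower().strip(".")
    return ".".join(domain.split(".")[-2:])

def check_sender(from_header):
    """Return warnings for one From: header value; an empty list means no finding."""
    display, address = parseaddr(from_header)
    domain = registered_domain(address)
    warnings = []
    for brand, domains in TRUSTED.items():
        if domain in domains:
            continue  # address really is on the brand's domain
        if brand in skeleton(display):
            warnings.append(f"display name claims {brand} but address is @{domain}")
        if skeleton(domain) in domains:
            warnings.append(f"{domain} imitates {skeleton(domain)}")
    return warnings

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"Microsoft Support" <alerts@micros0ft.com>',
    "IT Helpdesk <help@rnicrosoft.com>",
    "Microsoft Billing <billing@example.net>",
    "Microsoft <noreply@mail.microsoft.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no finding")
```

The check reads only the From header; it does not evaluate SPF, DKIM or DMARC results for the message.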
Phishing emails often tell a story to trick you into clicking on a link or opening an attachment. They may:
say they’ve noticed some suspicious activity or log-in attempts
claim there’s a problem with your account or your payment information
say you must confirm some personal information
include a fake invoice
want you to click on a link to make a payment
say you’re eligible to register for a government refund
offer a coupon for free stuff
If it sounds too good to be true, it probably is.
If you receive a suspicious email
Do not enter your personal information or passwords on an untrusted website or a document referenced in the email.
Do not click any links provided in these emails (or cut and paste them into a browser). This may download viruses to your computer, or at best, confirm your email address to phishers.
Do not open any attachments. If you receive an attachment you are not expecting, confirm with the senders by phone that they did indeed send the message and meant to send an attachment.
Do not reply even if you recognize the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.
Report any suspicious messages by forwarding them to email@example.com
Delete the message.