You’ve failed a company-sponsored Phishing Test.

You’ve clicked on a link in an email that was clearly a Phishing Email. If you would like further information about why you should not have clicked the links in this particular email, or what the clues were, please let Refocus Information Technology know by emailing [email protected].

Phishing Training

On a regular basis, Refocus Information Technology uses a testing platform called PhishingBox to send out random tests to make sure that people understand how to avoid the pitfalls of Business Email Compromise (BEC) and Phishing schemes.

To avoid being a victim in a real phishing or email compromise scam, please consider the following before clicking on links in an email:

  • Are you familiar with the sender of the email?
  • Hover over the sender's email address. Does the sender name match the email address? Oftentimes scam emails will be from random domains that do not match the name of the person.
  • Are you expecting a file, link, or information from the sender of the email?
  • Have you verified with the sender of the email that they actually sent the email that included the file or link? If not, contact them by phone, text, or offline methods to verify they sent the email to you.
  • Have you reviewed the email for common signs of phishing? For example:
    • Do you notice any grammatical or spelling errors? Oftentimes scammers will use domains similar to large companies. For instance, to fool you into thinking you’ve gotten an email from Microsoft, you may get an email from [email protected] with a spelling change that is easy to overlook when reading fast.
    • Is there odd information in the greeting or closing of the email? For example, a generic greeting such as “Dear Sir or Madam” instead of being addressed by name.
    • Threatening language is oftentimes a sign as well. Most of the time your accounts are not going to be suspended no matter how much a scammer wants you to believe they are.

Generally, NEVER open any attachments you’ve received unless you are explicitly expecting to receive the attachment and it’s from a reliable source. Even in that case, contact the sender by phone call, creating a new email, or text message to find out if that person sent the attachment in question.

If you receive an email and click on a link that prompts for a password, never enter the password. This is a classic phishing example and how many business email compromises occur. Multi-factor authentication (MFA) helps to prevent a password from being your only defense. Even if you’ve accidentally exposed your password, a scammer would need your second authentication method (such as a text code) to successfully compromise your account. NEVER allow anyone access to this second authentication method.

If you feel that you do not have enough information to make an informed decision about an attachment, link, or an email in general, always reach out to your manager or consult with Refocus Information Technology. We’d rather you forward the email in question to us than click a link. Please send anything in question to [email protected].

If you feel that you could use more training or a better understanding of how Business Email Compromises, phishing, ransomware or other attacks occur, please feel free to send an email requesting that assistance to [email protected].

 

Thank you.

Leslie W. Cothren