You Have Been Phished
Phishing is the easiest way for hackers to compromise data. To protect our organization, yourself and your family, please scroll below for more guidance on how to minimize this risk.

🚩 Red Flags You Should Have Caught

⚠️ External Email Warning Banner
The email client showed a Caution Alert stating the sender is not in your contact list or organisation. Whenever an external email arrives — even one that looks like it's from Outlook — you must be cautious before clicking any link or button.

🔍 Spoofed Email Address
The sender's address was ciso@fÿndna.com — not ciso@fyndna.com. The letter ÿ (y with an umlaut) looks nearly identical to a regular y but points to a completely different domain. Always hover over or copy the address to inspect it carefully.

🏷️ Wrong Job Title — CSO vs. CISO
The email was signed off as CSO (Chief Security Officer) when your organisation's role is CISO (Chief Information Security Officer). Attackers often get small details like job titles slightly wrong — this mismatch is a clear indicator of impersonation.

👤 No Name in the Signature
A legitimate email from a senior executive will always include their full name in the signature. The absence of a name is a classic phishing tell — attackers avoid names because a real employee would immediately spot the impersonation.

🚨 Repeated Urgency Language
Phrases like "immediately," "urgent," "right now," or "ASAP" used multiple times are designed to trigger panic and make you act without thinking. Legitimate internal communications rarely pressure you with repeated urgency — slow down whenever you feel rushed.

What is Phishing

How to Identify Phishing Emails

Do's and Don'ts

Always Double-Check the Sender

What to do:
Always check the full email address, not just the name shown.

Example:
An email from support@amaz0n.com looks similar to support@amazon.com, but it's fake. Attackers often change just one letter to trick you.
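The two sender checks described on this page (the ÿ in fÿndna.com and the 0 in amaz0n.com) can also be automated at a mail gateway or in a reporting tool. The following is an added example, not part of the original page; the trusted-domain list, the digit-swap map and the function names are assumptions made for illustration.

```python
import unicodedata

# Assumption: the legitimate domains, taken from this page's two examples.
TRUSTED_DOMAINS = {"fyndna.com", "amazon.com"}

# Constructed, deliberately small map of digit-for-letter swaps (amaz0n -> amazon).
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Comparison form of a domain: accents stripped, case folded, digit swaps undone."""
    decomposed = unicodedata.normalize("NFKD", domain)
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return base.casefold().translate(DIGIT_SWAPS)


def check_sender(address):
    """Classify a sender address as trusted, lookalike or external."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED_DOMAINS:
        return {"verdict": "trusted", "domain": domain}
    result = {"verdict": "external", "domain": domain,
              "non_ascii": not domain.isascii()}
    if result["non_ascii"]:
        # The xn-- (punycode) form is what DNS actually resolves.
        try:
            result["punycode"] = domain.encode("idna").decode("ascii")
        except UnicodeError:
            result["punycode"] = None
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted):
            result.update(verdict="lookalike", imitates=trusted)
    return result


if __name__ == "__main__":
    # Constructed sample senders; \u00ff is the letter ÿ from the example above.
    for sender in ("ciso@fyndna.com", "ciso@f\u00ffndna.com",
                   "support@amaz0n.com", "news@example.org"):
        print(sender, "->", check_sender(sender))
```

A "lookalike" verdict means the domain is not on the trusted list but collapses to a trusted domain once accents and digit swaps are removed, which is the pattern both examples on this page show.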

Inspect Links Before Clicking

What to do:
Hover your mouse over any link to see the real URL before clicking.

Example:
The link may look like https://paypal.com, but when you hover, it shows http://phishingsite.ru/paypal. That’s a trap — don’t click!

Don’t Open Unexpected Attachments

What to do:
If you weren’t expecting an attachment, don’t open it, even if it’s from someone you know.

Example:
You get an email from HR with a .zip file titled “Salary Update” — but you didn’t request or expect this file. Confirm with HR first before opening.

Look for Red Flags

What to do:
Watch for these warning signs:
Urgent or threatening language (“Your account will be locked in 24 hours!”)
Grammar or spelling mistakes
Generic greetings like “Dear user” instead of your name
Strange requests, such as being asked to click a link or send OTPs

Example:
An email says, “You’ve won a reward! Click now to claim.” That’s suspicious — don’t fall for it.

Enable Two-Factor Authentication (2FA)

What to do:
Turn on 2FA for all important accounts — email, bank, social media, etc.

Example:
Even if a hacker gets your password, they can’t log in without the OTP or code sent to your phone or app.

Employee Awareness

What to do:
Every employee should be trained to recognize phishing attempts.

Real-Life Example:
A hacker tricked Google and Facebook employees into paying over $100 million using fake invoices that looked real. If employees had verified the sender properly, the scam could’ve been stopped.