1 of 4 ยท The Threat
โšก Cyber Alert #1 EMAIL
โš  Threat
๐Ÿ“ง The Dodgy Email (Phishing)

The #1 way attackers get in โ€” and the easiest to stop once you know the signs.

How Common
10
How Sneaky
7
How Bad
8
How Clever
5
๐Ÿ’ช Imagine this...

A man in a high-vis jacket knocks at your door. He says he's from the gas board, there's an urgent leak, and he needs to come in right now. He's got a clipboard, he looks the part, he sounds in a hurry. But he hasn't shown you a real ID, the van outside has no logo, and when you ask your neighbour later, no one else was visited.

A phishing email is exactly that โ€” a stranger in a costume, using urgency and authority to get you to open the door (click the link, type your password).

๐Ÿ” What to watch out for
โ—† Urgency โ€” "Act now or your account will be closed". Real firms don't panic you.
โ—† Odd sender โ€” The display name looks right, but the actual address is a bit off: service@paypa1-alerts.com.
โ—† Generic greeting โ€” "Dear Customer" instead of your actual name.
โ—† Unexpected link or attachment โ€” Especially if you weren't expecting it.
โ—† Bad spelling or weird grammar โ€” Big firms proofread. Scammers often don't.
โ—† A link that doesn't match โ€” Hover over the link (don't click!). If the real destination differs from the text, it's a red flag.
๐Ÿ›ก Your Defence
What to do
โ—† Stop โ€” Don't click anything. Don't reply. Don't open attachments.
โ—† Check โ€” Hover over links to see where they really go. Ring the sender on a number you already know (not one in the email).
โ—† Report โ€” Use the Report Phish button in Outlook, or forward to your IT team. This is the single most helpful thing you can do.
โ—† Delete โ€” Once reported, delete it. Don't leave it sitting in your inbox.
๐Ÿ” Real example spotted last month

"Your Microsoft 365 password expires today โ€” click here to keep your account active." Sender: security@microsft-portal.com (note the missing 'o' in Microsoft). The link led to a fake login page that captured the password. Two colleagues clicked โ€” only one reported it.

๐Ÿšฉ Spotted something dodgy?

Hit the Report Phish button in Outlook, or drop IT a line on Teams. You catching one protects everyone.