Phishing is the most common tactic employed by hackers, as it requires the least amount of effort and generally preys on the less cyber-aware. It's also the most common way for users to be exposed to ransomware. Phishing can take many forms, and the following email can be used to brief your users on some of the ways that phishers target companies,

1. Companies usually WILL NOT request for your sensitive information. They will not ask you for your passwords, credit cards, credit scores, nor they will send you ANY kind of link or attachment to download.
   

2. Phishing emails will USUALLY approach you by “Dear valued member, customer or account holder. Most of the time, when a company needs to get in contact with you, they would email you by your name and would MOST LIKELY provide you a contact number, or contact you via phone. 
   

3. Most of the companies who email you will have a domain email. Hover your mouse over the email and see if you see anything suspicious about it. Sometimes, phishing email will use logos of companies that look way off than the original logo. ALWAYS double check the email name. 
   

4. A very common error that hackers/phishers have is their spelling. If you carefully read the email, you will notice that sometimes they don’t know how to spell OR they don’t have proper grammar. Most of the time organization emails are well written. 
   

5. When opening emails, be careful if where you are clicking. You can click ANYWHERE on the email and it will automatically download something or open a fake web page on your computer. And if you ever see a link in your email, make sure you hover over the link to see if there is a undercover link under it. 
   

6. Companies will NEVER randomly send you attachments. If you ever needed something from them, they will most likely direct you to a download document, files, or even on their website.
   

7. There is something called account upgrade emails. occasion, your employees’ core software like Microsoft Office may be upgraded to the newest version. This type of template would instruct users they need to download an upgrade to ensure their applications like Word and Excel keep working properly. Again, this seems like a legitimate message that businesses would send. While you might send a real email informing employees of an upgrade, you’d never ask them to download directly from an email. 
   

8. The Password Reset Template is an obvious phishing attempt. Hackers send a simple email that prompts you to reset your password. Many employees fall prey to this trick. You do not usually receive a genuine password reset email unless you have asked for it. Therefore, an unsolicited password reset email is a trap to lure you into disclosing your password and other confidential information.
   

For example, the picture above shows that it’s from Mike Behar, but the email shown is not from Mike’s actual email address. 

This example is similar as the previous one, it’s stating it’s from Costco shipping agent, but the email is not from the actual shipping agent AND where it says “this form”, if you click on it it will bring you to another page which will MOST LIKELY ask you for personal information. WATCH OUT for those.

This one is simple, you will get emails asking you to change your password or your password expires, NEVER click on anything unless you’re asked for a password change.

9.