What is phishing and how can employees recognize and avoid it?

• A. Phishing is a social engineering attack via email or messages; look for suspicious sender, links, urgency; verify with known contacts
• B. It is a method for retrieving data from backups
• C. It is a legitimate IT support technique
• D. It is a process to audit vendors

Answer: (A)

Phishing is a social engineering attack in which someone pretends to be a trustworthy person or organization in electronic communications to trick you into revealing passwords, personal data, or installing malware. You can spot it by red flags such as an unexpected or unusual sender, messages urging immediate action, requests to click a link or open an attachment, and URLs that don’t match the purported sender. Look for generic greetings, poor grammar, or branding that doesn’t line up with the real organization. To avoid falling for it, don’t click links or open attachments from suspicious messages; hover over links to see the actual URL and verify it through a known, separate contact channel (not the contact details in the message). Use multi-factor authentication, strong unique passwords, and report suspicious emails to IT. Keep software and security tools up to date, and participate in phishing awareness training to improve recognition and response. If you’re ever unsure, pause, verify through a trusted channel, and err on the side of caution.