1. Inspect the Sender Line
Hover over the display name and examine the real sending address. Attackers often spoof by swapping letters (microsoft.com vs. micr0soft.com) or hijacking lookalike domains (contoso-support.ca). If the email claims to be internal but is sent from a public service, treat it as suspicious.

2. Scan the Subject and Timing
Urgency, threats, or unexpected requests for payment are red flags. Phishing campaigns spike early Monday mornings and Friday afternoons when responders are busy. If an email pressures you to act immediately, pause and validate through another channel.

3. Hover Before You Click
Hover over every link or attachment. Does the URL point to a domain you recognise? If there is a mismatch between the display text and the real destination, forward the message to security. Never enter credentials after following an unsolicited link.
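The checks in steps 1 and 3 can be automated for a SOC triage queue. The script below is an added example, not tooling from this page or any vendor: it parses one raw message, compares the display name with the real sending address, normalises common letter swaps (0 for o, rn for m) so micr0soft.com compares as microsoft.com, catches brand names embedded in hyphenated lookalike labels such as contoso-support.ca, and reports links whose visible text names a different host than the href. The trusted-domain list, the substitution table and the sample email are constructed assumptions for illustration.

```python
"""Flag lookalike senders and text/href link mismatches in a raw email.
Trusted domains, the swap table and SAMPLE_EMAIL are constructed examples."""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the organisation considers legitimate (example values).
TRUSTED_DOMAINS = {"microsoft.com", "contoso.com"}
# Illustrative letter substitutions used to build lookalike domains.
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


def normalise(domain):
    """Undo common substitutions so micr0soft.com compares as microsoft.com."""
    d = domain.lower()
    for fake, real in SWAPS:
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Levenshtein distance; catches one-character typosquats like micosoft."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(domain):
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is fine."""
    domain = domain.lower()
    if is_trusted(domain):
        return None
    norm = normalise(domain)
    labels = norm.split(".")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if norm == trusted:                        # micr0soft.com
            return trusted
        if brand in labels[0].split("-"):          # contoso-support.ca
            return trusted
        if edit_distance(labels[0], brand) == 1:   # micosoft.com
            return trusted
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw_message):
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    # Step 1: does the display name claim a brand the real address does not match?
    sender = msg["From"].addresses[0]
    from_domain = sender.domain.lower()
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in sender.display_name.lower() and not is_trusted(from_domain):
            findings.append(f"display name '{sender.display_name}' but sent from {from_domain}")
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} imitates {imitated}")
    # Step 3: does the text the user sees point where the link really goes?
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            real_host = (urlparse(href).hostname or "").lower()
            shown_host = ""
            if URL_LIKE.fullmatch(text):  # only compare when the text looks like a URL
                shown_host = (urlparse(text if "://" in text else "//" + text).hostname or "").lower()
            if shown_host and shown_host != real_host:
                findings.append(f"link text shows {shown_host} but goes to {real_host}")
            elif real_host and lookalike_of(real_host):
                findings.append(f"link goes to {real_host}, which imitates {lookalike_of(real_host)}")
    return findings


# Constructed sample lure; addresses and hosts are invented for this example.
SAMPLE_EMAIL = """\
From: "Microsoft Account Team" <alerts@micr0soft.com>
To: employee@contoso.com
Subject: Action required: verify your account today
Content-Type: text/html; charset="utf-8"

<html><body><p>Your mailbox will be suspended.
<a href="https://login.micr0soft.com/reset">https://login.microsoft.com/reset</a></p>
<p><a href="https://contoso-support.ca/docs">Click here</a> for details.</p></body></html>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("-", finding)
```

Run against the constructed sample it reports four findings: the brand in the display name versus the real domain, the normalised sender domain matching microsoft.com, the first link's visible host differing from its href, and the second link landing on a hyphenated lookalike of contoso.com. Keep the substitution table and distance threshold conservative; a one-character threshold on the first label already flags most typosquats without matching unrelated short names.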

4. Analyse the Body
Poor grammar, generic greetings, and unexpected tone shifts are common phishing tells. Emails that skip company templates or signatures should be verified. If there is a request to change banking details or share files, call the sender using a known number.

5. Report It
Use your report-phish button or forward suspicious emails to security@yourcompany.ca. Reporting takes seconds, gives the SOC visibility, and helps protect peers who may receive the same lure. Always report even if you are unsure—we would rather review a false positive than miss an attack.

Quick Response Checklist
- Do not click links or open attachments until the sender is verified.
- Contact the purported sender via a trusted phone number or chat.
- Report the message so the SOC can quarantine lookalike emails.
- If you clicked, reset passwords immediately and inform security.
