IC University Blog

Don’t Take the Bait!

Posted by Thaddeus Evans on Oct 17, 2023 11:16:00 AM



Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. It’s important every individual stop and think before clicking on a link or opening an attachment and know how to spot red flags. Cybersecurity Awareness Month 2023 guidance provides the tools needed to recognize and report phishing to your organization or email provider.


Phishing occurs when criminals try to get you to open harmful links or attachments that could steal personal information or infect devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get you to respond. The good news is you can avoid the phish hook and keep accounts secure!

  1. Recognize - Look for these common signs:
    • Urgent or alarming language
    • Requests to send personal and financial information
    • Poor writing, misspellings, or unusual language
    • Incorrect email addresses, domain names, or links (e.g. amazan.com)
  2. Report - If you suspect phishing, report the phish to protect yourself and others.
    • Know your organization’s guidance for reporting phishing. If your organization offers it, you may find options to report via the “report spam” button in your email toolbar or settings.
    • For personal email accounts, you may be able to report spam or phishing to your email provider by right-clicking on the message.
  3. Delete - Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.

However, if you think it could be real, don't click on any link or call any number in the message. Look up another way to contact the company or person directly:

  • Go to the company's website and capture their contact information from the verified website. Search for the site in your web browser or type the address yourself if you’re sure you know it.
  • Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.


  • 72% of respondents reported that they checked to see whether messages were legitimate (i.e. phishing or a scam) compared to 15% who reported not doing so. (NCA)
  • 47% of the participants said they used the reporting capability on a platform (e.g. Gmail, Outlook) “very often” or “always”. (NCA)


For a printable version of the flyer below, click here.




Topics: CISA, Cybersecurity Awareness Month, Phishing, Security Training, Secure Our World