You've Been Phished on Behalf of your Company!

This is not a malicious document but could have been, had this been an actual phishing attempt.

We ask that you do not yet reveal the nature of the test to your coworkers, as doing so may affect test

results, however please feel free to contact your Audit or IT department to verify that this was a sponsored

test.

Malicious emails are constantly increasing and becoming more sophisticated so it is up to you to be wary

of suspicious looking emails, links, and documents. Below are some helpful tips to help you to stay safe

and reduce the risk of an attacker gaining valuable information.

Red Warning Banner

All inbound emails coming from the outside world have this red warning banner added to the top of the

body of the email.

This email came from a sender outside CCCU. STOP and THINK before you click on hyperlinks or

attachments.

Use extra caution with these outside emails by exercising the following tips.

Verify Sender's Email Address

In most cases, inter-office emails within programs such as Outlook will display only the sender's name if

the email is in the directory. If an email is sent from an unknown source, even if the address appears

correct, it will be displayed with the sender's name along with the full email address. Verifying the correct

email address and naming convention used in your email program is the first step in keeping safe.

Be Wary of Unusual Content

A lot of attackers these days attempt to scare users into downloading a "security update" for a new virus

or fake Microsoft patch. This is not the way Microsoft operates and all emails directing you to download

any patch or executable should be verified with the IT department prior to clicking. In actual malicious

attempts, the file could appear good but in the background may open a communication channel directly

to the attacker; allowing information to be stolen.

Hover Before You Click

A lot of email services don't check for what are called Masked Links. This is the strategy that was used to

direct you to this informational site. A link in an email could appear to be directing you to a legitimate

site such as www.microsoft.com but in fact directs you to a malicious site, often with a similar name such

as www.m1crosoft.com. Verifying the link in the email is in fact the site being sent to is very helpful in

preventing attackers from gaining valuable and sensitive information.

Refer to the CCCU Employee Handbook Appendix C – Acceptable Use Policy and the MyCU IT Procedures

on Acceptable Use Acknowledgement for further details on disciplinary action(s) for failed phishing test(s).