1. Overview
This document provides non-mandatory guidance to help all employees identify and avoid phishing attacks. Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising itself as a trustworthy entity in an electronic communication. Being vigilant is our first and most important line of defense.
2. Key Recommendations
2.1. How to Spot a Phishing Email
Look out for these common red flags. A single flag may not be definitive, but the presence of multiple flags is highly suspicious.
- Urgent or Threatening Language: Be suspicious of emails that demand you take immediate action or create a sense of panic.
  - Example Phrases: “Your account will be suspended in 24 hours!”, “Immediate action required”, “Your password has expired, click here to reset”.
- Generic Greetings: Legitimate companies will often address you by name. Be wary of generic greetings.
  - Example Phrases: “Dear Customer”, “Valued Member”, “Dear user@example.com”.
- Suspicious Links or Attachments: Hover your mouse over links before you click to see the actual URL. If it looks strange or doesn’t match the sender, don’t click it. Never open unexpected attachments, especially from unknown senders.
  - Example Link Mismatch: The text might say https://yourbank.com/login but the link actually goes to http://yourbanc.com-login-auth.xyz.
  - Dangerous Attachments: Be especially wary of .zip, .exe, .scr, and macro-enabled Office documents.
- Poor Grammar and Spelling: While not always present, obvious spelling and grammar mistakes are a common sign of a phishing attempt.
- Mismatched Sender Address: Check the sender’s email address carefully. Look for subtle misspellings or a completely unrelated domain.
  - Example Misspelling: user@micros0ft.com instead of user@microsoft.com.
  - Example Wrong Domain: An email claiming to be from “Bank of America” that comes from user@hotmail.com.
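The red flags above can also be applied mechanically, which is useful for triaging reported messages or for a mail-gateway rule. The script below is an added example, not part of the original guidance or any tool it refers to: it applies each flag from section 2.1 (urgent phrases, generic greetings, link text/href mismatch, dangerous attachment types, look-alike sender domains) to a constructed sample email built from the examples on this page. The TRUSTED_DOMAINS list and the confusable-character map are assumptions chosen for illustration; a real deployment would use the organisation's own brand list.

```python
"""Heuristic phishing red-flag checker (added example; sample data is constructed)."""
import re
from html import unescape
from typing import Optional
from urllib.parse import urlparse

# Phrases and greetings taken from the guidance's own examples.
URGENT_PHRASES = (
    "immediate action required",
    "account will be suspended",
    "password has expired",
    "click here to reset",
)
GENERIC_GREETINGS = ("dear customer", "valued member", "dear user")
# .zip/.exe/.scr from the guidance, plus common macro-enabled Office extensions.
DANGEROUS_EXTENSIONS = (".zip", ".exe", ".scr", ".docm", ".xlsm", ".pptm")
# Hypothetical list of brand domains the organisation trusts (an assumption).
TRUSTED_DOMAINS = ("microsoft.com", "yourbank.com")
# Characters commonly substituted for look-alikes in spoofed domains (assumed set).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

_ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
_URL_TEXT = re.compile(r"https?://[^\s<]+", re.I)


def host_of(url: str) -> str:
    """Lower-cased host name of a URL ('' if it has none)."""
    return (urlparse(url.strip()).hostname or "").lower()


def link_mismatches(html_body: str) -> list[tuple[str, str]]:
    """Anchors whose visible text is a URL whose host differs from the real href host."""
    found = []
    for href, inner in _ANCHOR.findall(html_body):
        text = unescape(re.sub(r"<[^>]+>", "", inner)).strip()
        shown = _URL_TEXT.search(text)
        if shown and host_of(shown.group(0)) != host_of(href):
            found.append((text, href))
    return found


def lookalike_domain(sender: str) -> Optional[str]:
    """Return the trusted domain a sender's domain imitates via confusable characters."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in TRUSTED_DOMAINS:
        return None
    normalised = domain.translate(CONFUSABLES)
    for trusted in TRUSTED_DOMAINS:
        if normalised == trusted:
            return trusted
    return None


def phishing_flags(sender: str, subject: str, html_body: str, attachments: list[str]) -> list[str]:
    """Return every red flag found; several flags together are highly suspicious."""
    flags = []
    text = unescape(re.sub(r"<[^>]+>", " ", html_body)).lower()
    haystack = subject.lower() + " " + text
    for phrase in URGENT_PHRASES:
        if phrase in haystack:
            flags.append(f"urgent language: '{phrase}'")
    for greeting in GENERIC_GREETINGS:
        if greeting in text:
            flags.append(f"generic greeting: '{greeting}'")
    for shown, actual in link_mismatches(html_body):
        flags.append(f"link mismatch: text {shown} -> href {actual}")
    for name in attachments:
        if name.lower().endswith(DANGEROUS_EXTENSIONS):
            flags.append(f"dangerous attachment: {name}")
    imitated = lookalike_domain(sender)
    if imitated:
        flags.append(f"look-alike sender domain: {sender} imitates {imitated}")
    return flags


# Constructed sample message assembled from the examples in section 2.1.
SAMPLE_EMAIL = {
    "sender": "support@micros0ft.com",
    "subject": "Immediate action required",
    "html_body": (
        "<p>Dear Customer,</p>"
        "<p>Your password has expired, click here to reset: "
        '<a href="http://yourbanc.com-login-auth.xyz">https://yourbank.com/login</a></p>'
    ),
    "attachments": ["invoice.scr"],
}

if __name__ == "__main__":
    for flag in phishing_flags(**SAMPLE_EMAIL):
        print("-", flag)
```

The host comparison is deliberately naive (no public-suffix handling), which is enough to catch the page's example: the visible text resolves to yourbank.com while the href points at a host under .xyz. A benign message with no urgent phrasing, matching link text and a sender on an unrelated domain yields no flags, so the checker supports the guidance's point that it is the accumulation of flags, not any single one, that should trigger a report.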
2.2. What to Do If You Suspect Phishing
If you suspect an email is a phishing attempt:
- Do not click any links.
- Do not open any attachments.
- Do not reply to the email.
- Report the email immediately. Use the “Report Phishing” button in your email client, or forward the email as an attachment to the Incident Response Team by following the process described in incident-reporting-process.md.
When in doubt, always err on the side of caution and report it.
3. Helpful Resources
[Links to external documentation, tools, or other resources.]