WHY THIS MATTERS Phishing remains the fastest path to account takeover and fraud. A few consistent habits materially reduce risk for you and your coworkers. RED FLAGS • Urgent tone demanding immediate action (“Your mailbox will be deleted today”). • Mismatched links: hover to see the real destination before clicking. • Unexpected attachments or “Enable macros” requests. • Asks for passwords, MFA codes, or “verify” via a login page that looks slightly off-brand. WHAT TO DO IF YOU ARE UNSURE Do not click links or open attachments. Use the “Report phishing” button in Outlook if available, or forward the message as an attachment to your security contact per local policy. When in doubt, open a ticket and ask. IF YOU ALREADY CLICKED • Disconnect from VPN if instructed by security. • Change your password from a known-good device after IT confirms it is safe. • Note the approximate time you clicked and what you entered (password only vs MFA approval). AFTERWARD Watch for unusual rules in your mailbox (forwarding), unexpected MFA prompts, or calendar invites from unknown senders—report those quickly. THIS ARTICLE DOES NOT REPLACE POLICY Follow your organization’s incident response channel if one is published on the intranet.