Security Awareness Simulation
You've Been Phished on Behalf of Your Company!
This is not a malicious document but could have been, had this been an actual phishing attempt.
We ask that you do not yet reveal the nature of the test to your coworkers, as doing so may affect test results. However, please feel free to contact your Audit or IT department to verify that this was a sponsored test.
Malicious emails are constantly increasing and becoming more sophisticated, so it is up to you to be wary of suspicious-looking emails, links, and documents. Below are some tips to help you stay safe and reduce the risk of an attacker gaining valuable information.
Red Warning Banner
All inbound emails coming from the outside world have this red warning banner added to the top of the body of the email.
This email came from a sender outside CCCU. STOP and THINK before you click on hyperlinks or attachments.
Use extra caution with these outside emails by following the tips below.
Verify Sender's Email Address
In most cases, inter-office emails within programs such as Outlook will display only the sender's name if the email address is in the directory. If an email is sent from an unknown source, even if the address appears correct, it will be displayed with the sender's name along with the full email address. Verifying the correct email address and naming convention used in your email program is the first step in staying safe.
Be Wary of Unusual Content
Many attackers these days attempt to scare users into downloading a "security update" for a new virus or a fake Microsoft patch. This is not the way Microsoft operates, and all emails directing you to download any patch or executable should be verified with the IT department prior to clicking. In actual malicious attempts, the file could appear good but in the background may open a communication channel directly to the attacker, allowing information to be stolen.
Hover Before You Click
Many email services don't check for what are called masked links. This is the strategy that was used to direct you to this informational site. A link in an email could appear to be directing you to a legitimate site such as www.microsoft.com but in fact direct you to a malicious site, often with a similar name such as www.m1crosoft.com. Verifying that the link in the email actually leads to the site it appears to name is very helpful in preventing attackers from gaining valuable and sensitive information.
Refer to the CCCU Employee Handbook Appendix C – Acceptable Use Policy and the MyCU IT Procedures on Acceptable Use Acknowledgement for further details on disciplinary action(s) for failed phishing test(s).
Beware
🎓 Quick Security Tip
Before interacting with any email, remember the S.L.O.W. method:
S – Sender
Check if the sender address is legitimate.
L – Link
Hover over links before clicking.
O – Out of the ordinary
Be cautious of unexpected requests.
W – Why the urgency?
Phishing emails often pressure you to act quickly.
Watch out for Red flags