Recognizing Phishing Attempts
Phishing is a fraudulent attempt to gain access to sensitive information—such as passwords, financial data, or internal systems—by pretending to be a trusted source. These attacks most commonly occur through email, but can also come via text messages or phone calls.
Key Warning Signs
- Urgency or pressure – Messages that push immediate action (“Your account will be locked today”).
- Unusual sender address – The name may look familiar, but the email domain is slightly altered.
- Suspicious links or attachments – Links may redirect to fake login pages or harmful sites.
- Requests for sensitive information – No legitimate organization will ask for passwords, MFA codes, or banking details via email.
- Generic greetings – “Dear User” instead of your name.
- Poor grammar or formatting – Often a sign of fraudulent communication.
Common Phishing Examples
- Fake Microsoft Alert: An email asking you to “verify your account” immediately using a link that leads to a counterfeit login page.
- Vendor Payment Change: A message from a “vendor” requesting updated banking details—often with a slightly misspelled email domain.
- Package Delivery Notice: A notice claiming a failed delivery with a link to “reschedule,” even when you are not expecting a package.
- Executive Impersonation: A message appearing to come from leadership asking for urgent help purchasing gift cards or sending sensitive information—often from a personal or incorrect email address.
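The "slightly altered domain" and mismatched-sender signs described in the lists above can also be checked automatically by a mail administrator. The Python sketch below is an added example, not part of the original guidance; the sender names and domains in KNOWN_SENDERS, and the function names, are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumption): display-name keywords mapped to the
# domain that sender genuinely uses.
KNOWN_SENDERS = {
    "microsoft": "microsoft.com",
    "acme supplies": "acme-supplies.example",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling single-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header: str, max_distance: int = 2) -> list:
    """Return warning strings for one From: header (empty list = no flags)."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rpartition("@")[2].lower()
    # A genuine domain, or a subdomain of one, raises no flag.
    for real in KNOWN_SENDERS.values():
        if domain == real or domain.endswith("." + real):
            return []
    warnings = []
    for keyword, real in KNOWN_SENDERS.items():
        if edit_distance(domain, real) <= max_distance:
            # Near-miss spelling of a domain we know.
            warnings.append(f"domain '{domain}' resembles '{real}'")
        elif keyword in name.lower():
            # Familiar name, unrelated address.
            warnings.append(f"name claims '{keyword}' but domain is '{domain}'")
    return warnings
```

A non-empty result is a reason to verify the message through a known, trusted method; an empty result does not prove the message is safe.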
What To Do
- Do not click links or download attachments from suspicious messages.
- Verify requests by contacting the sender through a known, trusted method.
- Report the message to IT or the Director of Operations immediately.
- When in doubt, do nothing until it is verified—phishing depends on quick reactions.
Bottom Line
Phishing attacks rely on urgency and deception. Slowing down, verifying details, and reporting concerns protects both you and Crosspoint Church.