
Phishing FAQ

This document provides information about phishing emails including how to identify them, prevent data theft, and what to do if you receive or click a phishing email. It defines phishing as emails sent to steal data or gain unauthorized access. It recommends verifying the sender, not trusting outside sources, not providing personal information, asking questions, and not clicking links or downloading attachments from untrusted sources. It also describes steps to take if you click a phishing link such as reporting it, being vigilant for changes, changing your password, and following guidance from the Global Service Desk (GSD) which can be contacted via ServiceNow or phone.

Uploaded by

Dean

Phishing FAQ

Contents
What is Phishing?
How do I decide the email is a phishing email?
    Check Email Banner
    Verify the sender
    Do not trust outside sources
How can I prevent my data being stolen?
    Never volunteer personal or private information.
    Ask questions.
    Do not click links.
    Do not download attachments.
    Validate the email.
I clicked a link in a phishing email, what can I do?
I received a phishing email and did not click the link, what can I do?
How do I contact the GSD?
Where can I go to learn more about phishing emails?

What is Phishing?
Phishing is an email sent out by a threat actor (the person sending the email) with the intent to steal
data or gain unauthorized access. There are also other forms of Phishing known as Spear Phishing (a
targeted form of Phishing), Whaling (Phishing targeting CEOs and Board Members) and Vishing (Phishing
over the phone).

Phishing emails employ Principles of Social Engineering to trick users into believing the email is real.
These principles are: Intimidation, Urgency, Scarcity, Trust, Familiarity, Consensus (Social Proof) and
Authority.

How do I decide the email is a phishing email?


For non-technical users, the best methods for deciding whether an email is phishing are listed below:

Check Email Banner


When you receive an email originating from outside of Cision, it will display a banner notifying
you of that (see below). These emails should not be trusted, especially if the from address
(sender) resembles an @cision.com email address. Verify the sender and check before clicking!
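
For mail administrators, the check described above can be automated. The following is an added example, not part of the original FAQ or Cision's tooling: it flags externally delivered mail whose From header is, resembles, or claims an @cision.com address. The `arrived_external` flag, the 0.8 similarity threshold, the warning names and the sample messages are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "cision.com"    # internal domain named in this FAQ
LOOKALIKE_THRESHOLD = 0.8    # assumed cut-off; tune against real mail


def is_org_domain(domain):
    """True for the organisation's domain and its subdomains."""
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)


def sender_warnings(raw_message, arrived_external):
    """Return reasons the From header of a message deserves suspicion.

    arrived_external is a hypothetical flag from the mail gateway: the
    same condition that would add the external-sender banner.
    """
    if not arrived_external:
        return []
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    warnings = []
    if is_org_domain(domain):
        # Delivered from outside, yet the From address claims to be internal.
        warnings.append("org-domain-from-outside")
    else:
        similarity = SequenceMatcher(None, domain, ORG_DOMAIN).ratio()
        if similarity >= LOOKALIKE_THRESHOLD or ORG_DOMAIN in domain:
            # Near-miss spelling, or the real domain embedded in another one.
            warnings.append("lookalike-domain")
        if "@" + ORG_DOMAIN in display_name.lower():
            # Display name shows an internal address; the real one differs.
            warnings.append("display-name-claims-org")
    return warnings


# Constructed sample messages (not real mail).
SAMPLES = {
    "lookalike": "From: IT Support <helpdesk@cisi0n.com>\nSubject: a\n\nx\n",
    "display": 'From: "jane.doe@cision.com" <jane@mail-example.net>\n\nx\n',
    "spoofed": "From: Jane Doe <jane.doe@cision.com>\nSubject: b\n\nx\n",
    "benign": "From: Newsletter <news@example.org>\nSubject: c\n\nx\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, sender_warnings(raw, arrived_external=True))
```
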

Verify the sender


If the sender impersonates another Cision employee and spoofs their email address, the recipient can
easily reach out to that employee, either by using another line of communication (a phone call or
Microsoft Teams) or by writing an entirely separate email, and verify that they sent the email. Their
response should supply an answer to whether the email was real or not.

Do not trust outside sources


This cannot be stressed enough. Sometimes we must even be wary of impersonated inside sources.
Always verify the sender by writing the sender a separate new email to verify they were the actual
sender. Stranger Danger!

How can I prevent my data being stolen?


Cision’s IT team has modern technology, automation, and industry-leading security frameworks in place
to secure our data. Still, you play a significant role in preventing data theft. Below are a few things
every user can do to help protect our data:

Never volunteer personal or private information.


If someone is requesting personal or private information (username and password, social security
number, date of birth, etc.), do not provide that information without verifying the intent and reasoning
behind the request. There are very few cases where a request for private information via email or
telephone is legitimate.

Ask questions.

Asking questions is an effective way to help decide if the email is legitimate or not. The responses,
or lack thereof, will help in deciding if the email is phishing or not. It is also best to do this using
another line of communication, such as by telephone, in person, or by writing the sender a separate
new email to verify they were the actual sender.

Do not click links.


There are attacks that work just by clicking a link. One second, you are clicking a link in an email, and the
next second your login credentials are compromised, leading to more malicious activity. If the email is
unexpected or from an untrusted source, write the sender a separate new email to verify they were
the actual sender.

Do not download attachments.


Downloading an attachment is also an easy way to compromise the security of the entire Cision
network. There is malware, known as a Worm, that can move from one computer to another without
the user even having to run the software. If the email is unexpected or from an
untrusted source, write the sender a separate new email to verify they were the actual sender.

Validate the email.


Even if the email is from a trusted source (let us use the Global Service Desk (GSD) as an example), anytime
there is a request for personal or private information, the recipient should verify via another line of
communication, such as calling the Global Service Desk (GSD) or writing the sender a separate new
email to verify they were the actual sender. So, if the email is from an untrusted source, then verification
is a requirement. If you are unable to reach out to the person directly, try reaching out to their company
instead. The responses should help you to decide if the email is phishing or not.

I clicked a link in a phishing email, what can I do?


Step 1. Report to the GSD that you clicked a link in a phishing email, as well as what you experienced
after clicking the link. The GSD will then work with the proper IT teams to remediate the threat.

Step 2. While this is happening, you should be vigilant for any noticeable changes to your system. For
example: Does my company PC now run much slower than before? Are there any new applications that
appeared after clicking the link? Has there been any activity on my account that I did not authorize?
If the answer to any of those questions is yes, then you should also report this to the GSD so they can
escalate the issue as soon as possible.

Step 3. Report the email as phishing. To do so, open the email in Outlook, click on Report Message and
then click on Phishing.

Step 4. Change your password.

Step 5. Follow any other guidance provided by the GSD.

I received a phishing email and did not click the link, what can I do?

Just receiving a phishing email is extremely common. If no links were clicked or files downloaded, and no
private information was provided to the threat actor, then the email can be reported as Phishing (see
Step 3 in the earlier section) and removed from your inbox. The reporting function helps identify future
phishing attempts and stops them before they reach the end-user.

How do I contact the GSD?


- Use ServiceNow: https://cision.service-now.com/sp
- For Priority, please call US & Canada: 8007768082, EMEAI: +442074545220

Where can I go to learn more about phishing emails?


Please consider viewing this article from the Federal Trade Commission about phishing emails.
https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams#:~:text=Phishing%20emails%20and%20text%20messages%20may%20look%20like,payment%20website%20or%20app%2C%20or%20an%20online%20store.

Cision Information Security Office


Information.security@cision.com
