If you receive a suspicious email that appears to have come from an organization, especially one that partners with your agency, it is important to handle it carefully to avoid potential phishing or scams. Here are the key steps to take:
- Do not click any links or open attachments in the email.
- Do not reply to the email as this may confirm your email address to attackers.
- Carefully check for signs such as poor grammar, generic greetings, or mismatched email domains that may indicate the message is fake.
- Report the suspicious email to your IT department or security team if you are at work, following your organization's phishing reporting policy.
- If it is a personal email account, use your email provider’s option to report phishing emails.
- Delete the email after reporting, including from your trash folder.
- If you are unsure about the legitimacy of the email, independently contact the organization using a trusted phone number or website—not the contact details in the suspicious email.
- Maintain good security practices such as changing affected account passwords and enabling two-factor authentication if you suspect any compromise.
Taking these precautions helps protect you and your organization from phishing attacks and potential data breaches.
