How to protect my company
Often, at first glance, phishing emails or websites can appear to be from legitimate sources or known senders, or even copies of previously received emails, making it very difficult to discern their malicious intent.
Some techniques, however, can make it easier to detect a phishing attack:
The email is misspelled
Errors happen. But errors that result from poor translations or inconsistent sentences can indicate that attackers of foreign origin are impersonating another nationality.
The return email address is not normal
If you receive an email from a known company, the email must come directly from that company's domain. Often, extra letters or numbers in the return email address indicate that it comes from another domain, unrelated to the company. Similarly, no company should send you emails from public providers (such as gmail, or yahoo).
The email asks for personal information
Reputable companies will never ask for personal information such as your PIN number, account numbers or other details. If you have questions, please ask to be contacted by other methods.
Suspicious attachments
Attachments are very common. But they can be malicious. Do not open files with unknown extensions and, if you can, avoid opening Office attachments, especially those containing Macros.
You don't have an account with this company
If you receive a message that indicates that you have a relationship with a company (e.g., Netflix), but you don't, or if you have, you didn't register with the email where you received the message, then it probably is fraud.
The message is urgent
A favorite phishing tactic is to immediately put pressure on the victim to be unreasonable in their actions. Late payments, closing application deadlines, and fantastic promotions are among the most common reasons for attacks.
The sender doesn't seem to know you
“Dear customer” or “Greetings, friend” are indications that an email does not come from a sender who knows you, which could indicate, if you really should know who it is, that it is phishing or spoofing.
Links hidden by email and with different URLs
Emails may come with links, which in turn appear as phrases or words. You should understand which link this text leads to, as these may be fake sites.
Be informed about new phishing techniques and email protection technologies
The techniques used by attackers are constantly evolving. You should try to stay informed about new types of attacks and campaigns (attacks with a common theme) currently taking place.
Learn how our Phishing Simulation tool can educate your employees
What to do if you are a victim of phishing
If you suspect that you have responded to a phishing email with personal or financial information, please take the following steps to minimize any harm:
Contact your service provider directly (a bank, for example)
Change the information you have disclosed. Change, for example, the passwords or PINs of the account or service that you think may have been compromised. Remember not to use the same credentials (passwords) in different services.
Regularly search your bank details for unexplained charges or queries that you haven't requested.
Contact the authorities. Sistema Queixa Eletrónica is the Portugal’s national center for reporting fraud and crimes on the internet.
You can file a complaint with the Portuguese Public Ministry, using the website https://cibercrime.ministeriopublico.pt/pagina/denuncia
You may also report the incident to the Portuguese cyber security center (Centro Nacional de Cibersegurança), using https://www.cncs.gov.pt/pt/notificacao-incidentes/
Internationally, you should report a complaint on the FTC complaints website, on the IC3 (FBI) complaints website, and on the APWG (Anti-Phishing Working Group) address - reportphishing@apwg.org