Put a HALT to Phishing!
HALT is a 4 step process to help you identify phishing attacks:
Hover your cursor over any links (without clicking) to reveal the TRUE path. If the text doesn’t match the link, it’s the first clue that the message is suspicious.
Analyze the sender’s e-mail address and ask yourself:
- Do I know this person?
- Would I expect to receive an e-mail about this topic at work?
- Without question, should I follow the instructions in the e-mail?
If you answered no to these questions, don’t click the link or open the attachment. Report it!
Look for subtle changes to the e-mail address and links. Domains should reference a valid organization and be consistent with the message.
Long Description
Cyber criminals often use real subdomains to draw attention away from the domain.
For example: scammer@hrsdc-rhdcc.goc.ca where "hrsdc-rhdcc" is subdomain and "goc" is domain.
http://www.servicecanada.gov.ca/eng/home where "servicecanada" is subdomain and "gov" is domain.
Cyber criminals make subtle changes to domains. This is what to watch for.
Test the sender. Call the individual or organization, or visit their website, to confirm the request using a verified telephone number or web address from another source. Do not use contact information provided in the message.