#1 – The “Double Check Before You Click” Rule

---

Questions to ask before clicking

• Is the sender’s email correct? Look for subtle misspellings or unusual domains.

• Were you expecting this message? Unexpected emails, even from colleagues, can be suspicious.

•  Does the link match the company’s real website URL? Hover over links to check the actual URL.

• Is the message urgent or pressuring you? High-pressure emails are a common trick used by attackers.

Red flags to watch out for

• Poor grammar or spelling mistakes
• Generic greetings like “Dear Customer”
• Requests for sensitive information or financial transactions
• Unusual attachments, especially with double extensions (e.g.,pdf.exe)

Best practices 

• Pause before clicking: Even a quick hesitation can prevent a mistake.
• Verify with the sender: If an email seems off, contact the person or company directly using a known phone number or website.
• Use IT-approved tools: Many email platforms have built-in phishing warnings—pay attention to them.

 Treat every unexpected link or attachment as potentially dangerous.