Below are scenarios outlining what to do if you receive a phishing email or are unsure whether an email is legitimate.
Scenario 1:
Obvious Phishing or Scam Emails – You received an email that is obviously a phishing attempt.
What to Do: Forward the email to [email protected]
Scenario 2:
Unsure About an External Email – You received an email from an external contact that looks a little sketchy, but you’re not sure.
What to Do: Forward the email to [email protected] (The security team will reach out to you if the email turns out to be legitimate.)
Scenario 3:
Unsure About an Internal Email – You receive an email that appears to come from someone within the agency but seems off. You were not expecting it, it was sent only to you, or it includes a link or attachment you did not request.
What to Do: Call the person who appears to have sent the email. Use the org chart to find their work phone number and confirm whether they sent it. If they confirm they sent it, the email is legitimate. If they did not send it, forward the email to [email protected]