Your company is participating in a Cyber Security Education Program.


This Email Password Expiration Phishing Attack included the following social engineering techniques:


  1. A product you probably use every day (example: MS Outlook)
  2. Attackers exploit probability and assume most people use this product.
  3. Urgency in the <subject> to get your attention. (example: expires in 72 h)
  4. Urgency to act (example: expires in 72 h).
  5. Most phishing attack emails have a sense of urgency.
  6. Reference to corporate policy or reason for this action.
  7. Spoofed domain which appears legitimate (example: msoffice@lang-fr-en.ca).
  8. Simple clean email to minimize suspicion.


How to spot this was a phishing email:


  1. Was this an email you expected to receive? No - Be cautious
  2. Did your IT department advise this needed to happen?
  3. You should reach out to the IT department to confirm.
  4. Is this a policy which is already in place?
  5. Why now? - Contact the IT department.
  6. The sender's named email address was suspicious (the domain is not associated with your company or software provider).
  7. Bringing up a browser and typing in the domain used shows that it isn't valid (example: lang-fr-en.ca).
  8. The link provided used a suspicious domain similar to the one above.
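
The sender-domain, link-domain and urgency checks above can also be automated on the mail-filtering side. The following is an added example, not part of the original training material; the trusted domains, the sample message body and the link URL are constructed for illustration, and only the sender address comes from the example above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the company and its mail provider really use.
TRUSTED_DOMAINS = {"example.com", "mailprovider.example"}
# Wording that signals urgency in the subject line (e.g. "expires in 72 h").
URGENCY = re.compile(r"\b(expires?|expiring|urgent|immediately|within \d+ ?h)", re.I)

# Constructed sample message modelled on the indicators listed above.
SAMPLE = """\
From: MS Office <msoffice@lang-fr-en.ca>
To: employee@example.com
Subject: Your email password expires in 72 h
Content-Type: text/plain

Per corporate policy your password must be renewed.
Keep your current password: http://login.lang-fr-en.ca/renew
"""

def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_indicators(raw):
    """Return the indicators from the list above that a raw message shows."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"sender domain not trusted: {sender_domain}")
    if URGENCY.search(msg.get("Subject", "")):
        findings.append("urgency in subject")
    # Check every link in the plain-text body against the trusted domains.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not is_trusted(host):
            findings.append(f"link domain not trusted: {host}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

A message that trips the sender or link check together with the urgency check is a good candidate for quarantine or a warning banner.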


“An employee is either an asset to your cyber security or a risk.”