Inform users how to recognize phishing (e-mail fraud)

Phishing is an increasingly popular technique for accessing sensitive and/or confidential data.

Know how to recognise malicious e-mails, spam or phishing e-mails that algorithms cannot detect. This mindset of challenging information prevents misuse of hacked information. Communicate to your users what to pay attention to when using email.

Domain Names

Pay attention to the domain name (the bit after the @ symbol). Make sure the spelling is correct, and if you don't know the company, do a quick Google search on the domain name. Even if an email is sent from a person you know, verify that the domain name is the one you are expecting and has no typos or small changes.

Grammatical and/or spelling errors

Check for obvious spelling errors. Although it's becoming harder to recognise phishing emails, incorrect spelling is often still a giveaway. If an email contains grammatically incorrect phrases, make sure you double-check the email before responding.

Attachments

Beware of attachments! If an email has attachments, ask yourself whether this is the type of attachment you are expecting. If an email contains e.g. an invoice, ask yourself whether this is typically the person you get the invoice from. Compressed files (.zip) or executables (.exe) should trigger your suspicion.

Links

Phishing emails will often contain links to websites, invoices, documents, and so on. Verify the link by hovering over the text. Check whether the actual link points to a domain you would expect and whether it is correctly spelled.

A sense of urgency

Scammers will often urge us to action and create a sense of urgency. Typically, the email will threaten to 'stop the service', 'delete your account permanently' or 'cause harm to your business'. Emails with a threatening tone or requesting urgent action should always be verified twice before responding.